summaryrefslogtreecommitdiff
path: root/docs/docbook/smbdotconf
diff options
context:
space:
mode:
Diffstat (limited to 'docs/docbook/smbdotconf')
-rw-r--r--docs/docbook/smbdotconf/README158
-rw-r--r--docs/docbook/smbdotconf/browse/browsable.xml9
-rw-r--r--docs/docbook/smbdotconf/browse/browseable.xml11
-rw-r--r--docs/docbook/smbdotconf/browse/browselist.xml14
-rw-r--r--docs/docbook/smbdotconf/browse/domainmaster.xml38
-rw-r--r--docs/docbook/smbdotconf/browse/enhancedbrowsing.xml27
-rw-r--r--docs/docbook/smbdotconf/browse/lmannounce.xml27
-rw-r--r--docs/docbook/smbdotconf/browse/lminterval.xml20
-rw-r--r--docs/docbook/smbdotconf/browse/localmaster.xml22
-rw-r--r--docs/docbook/smbdotconf/browse/oslevel.xml25
-rw-r--r--docs/docbook/smbdotconf/browse/preferedmaster.xml9
-rw-r--r--docs/docbook/smbdotconf/browse/preferredmaster.xml29
-rw-r--r--docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml21
-rw-r--r--docs/docbook/smbdotconf/filename/casesensitive.xml9
-rw-r--r--docs/docbook/smbdotconf/filename/casesignames.xml8
-rw-r--r--docs/docbook/smbdotconf/filename/defaultcase.xml11
-rw-r--r--docs/docbook/smbdotconf/filename/deletevetofiles.xml28
-rw-r--r--docs/docbook/smbdotconf/filename/hidedotfiles.xml10
-rw-r--r--docs/docbook/smbdotconf/filename/hidefiles.xml39
-rw-r--r--docs/docbook/smbdotconf/filename/hidespecialfiles.xml12
-rw-r--r--docs/docbook/smbdotconf/filename/hideunreadable.xml10
-rw-r--r--docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml12
-rw-r--r--docs/docbook/smbdotconf/filename/manglecase.xml9
-rw-r--r--docs/docbook/smbdotconf/filename/mangledmap.xml26
-rw-r--r--docs/docbook/smbdotconf/filename/manglednames.xml67
-rw-r--r--docs/docbook/smbdotconf/filename/mangledstack.xml27
-rw-r--r--docs/docbook/smbdotconf/filename/mangleprefix.xml16
-rw-r--r--docs/docbook/smbdotconf/filename/manglingchar.xml14
-rw-r--r--docs/docbook/smbdotconf/filename/manglingmethod.xml19
-rw-r--r--docs/docbook/smbdotconf/filename/maparchive.xml19
-rw-r--r--docs/docbook/smbdotconf/filename/maphidden.xml15
-rw-r--r--docs/docbook/smbdotconf/filename/mapsystem.xml15
-rw-r--r--docs/docbook/smbdotconf/filename/preservecase.xml14
-rw-r--r--docs/docbook/smbdotconf/filename/shortpreservecase.xml17
-rw-r--r--docs/docbook/smbdotconf/filename/statcache.xml13
-rw-r--r--docs/docbook/smbdotconf/filename/stripdot.xml12
-rw-r--r--docs/docbook/smbdotconf/filename/vetooplockfiles.xml25
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapadmindn.xml16
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapdeletedn.xml13
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapfilter.xml14
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml10
-rw-r--r--docs/docbook/smbdotconf/ldap/ldappasswdsync.xml35
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapport.xml19
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapserver.xml15
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapssl.xml39
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapsuffix.xml14
-rw-r--r--docs/docbook/smbdotconf/ldap/ldaptrustids.xml23
-rw-r--r--docs/docbook/smbdotconf/ldap/ldapusersuffix.xml10
-rw-r--r--docs/docbook/smbdotconf/locking/blockinglocks.xml23
-rw-r--r--docs/docbook/smbdotconf/locking/cscpolicy.xml20
-rw-r--r--docs/docbook/smbdotconf/locking/fakeoplocks.xml31
-rw-r--r--docs/docbook/smbdotconf/locking/kerneloplocks.xml27
-rw-r--r--docs/docbook/smbdotconf/locking/level2oplocks.xml41
-rw-r--r--docs/docbook/smbdotconf/locking/locking.xml27
-rw-r--r--docs/docbook/smbdotconf/locking/lockspincount.xml17
-rw-r--r--docs/docbook/smbdotconf/locking/lockspintime.xml12
-rw-r--r--docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml18
-rw-r--r--docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml22
-rw-r--r--docs/docbook/smbdotconf/locking/oplocks.xml29
-rw-r--r--docs/docbook/smbdotconf/locking/posixlocking.xml16
-rw-r--r--docs/docbook/smbdotconf/locking/sharemodes.xml28
-rw-r--r--docs/docbook/smbdotconf/locking/strictlocking.xml19
-rw-r--r--docs/docbook/smbdotconf/logon/abortshutdownscript.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/addgroupscript.xml17
-rw-r--r--docs/docbook/smbdotconf/logon/addmachinescript.xml21
-rw-r--r--docs/docbook/smbdotconf/logon/adduserscript.xml50
-rw-r--r--docs/docbook/smbdotconf/logon/addusertogroupscript.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/deletegroupscript.xml13
-rw-r--r--docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/deleteuserscript.xml22
-rw-r--r--docs/docbook/smbdotconf/logon/domainlogons.xml15
-rw-r--r--docs/docbook/smbdotconf/logon/logondrive.xml18
-rw-r--r--docs/docbook/smbdotconf/logon/logonhome.xml45
-rw-r--r--docs/docbook/smbdotconf/logon/logonpath.xml49
-rw-r--r--docs/docbook/smbdotconf/logon/logonscript.xml44
-rw-r--r--docs/docbook/smbdotconf/logon/setprimarygroupscript.xml21
-rw-r--r--docs/docbook/smbdotconf/logon/shutdownscript.xml59
-rw-r--r--docs/docbook/smbdotconf/printing/addprintercommand.xml63
-rw-r--r--docs/docbook/smbdotconf/printing/defaultdevmode.xml37
-rw-r--r--docs/docbook/smbdotconf/printing/deleteprintercommand.xml38
-rw-r--r--docs/docbook/smbdotconf/printing/enumportscommand.xml25
-rw-r--r--docs/docbook/smbdotconf/printing/lppausecommand.xml43
-rw-r--r--docs/docbook/smbdotconf/printing/lpresumecommand.xml39
-rw-r--r--docs/docbook/smbdotconf/printing/os2drivermap.xml23
-rw-r--r--docs/docbook/smbdotconf/printing/printer.xml9
-rw-r--r--docs/docbook/smbdotconf/printing/printername.xml18
-rw-r--r--docs/docbook/smbdotconf/printing/printing.xml31
-rw-r--r--docs/docbook/smbdotconf/printing/queuepausecommand.xml29
-rw-r--r--docs/docbook/smbdotconf/printing/queueresumecommand.xml33
-rw-r--r--docs/docbook/smbdotconf/printing/showaddprinterwizard.xml35
-rw-r--r--docs/docbook/smbdotconf/security/encryptpasswords.xml24
-rw-r--r--docs/docbook/smbdotconf/vfs/hostmsdfs.xml20
-rw-r--r--docs/docbook/smbdotconf/vfs/msdfsproxy.xml18
-rw-r--r--docs/docbook/smbdotconf/vfs/msdfsroot.xml20
-rw-r--r--docs/docbook/smbdotconf/vfs/vfsobject.xml12
-rw-r--r--docs/docbook/smbdotconf/vfs/vfsoptions.xml12
-rw-r--r--docs/docbook/smbdotconf/vfs/vfspath.xml13
-rw-r--r--docs/docbook/smbdotconf/winbind/templatehomedir.xml17
-rw-r--r--docs/docbook/smbdotconf/winbind/templateshell.xml13
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindcachetime.xml14
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindenumgroups.xml21
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindenumusers.xml23
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindgid.xml16
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindseparator.xml21
-rw-r--r--docs/docbook/smbdotconf/winbind/winbinduid.xml16
-rw-r--r--docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml19
-rw-r--r--docs/docbook/smbdotconf/wins/dnsproxy.xml25
-rw-r--r--docs/docbook/smbdotconf/wins/winshook.xml57
-rw-r--r--docs/docbook/smbdotconf/wins/winspartners.xml17
-rw-r--r--docs/docbook/smbdotconf/wins/winsproxy.xml13
-rw-r--r--docs/docbook/smbdotconf/wins/winsserver.xml37
-rw-r--r--docs/docbook/smbdotconf/wins/winssupport.xml15
112 files changed, 2689 insertions, 0 deletions
diff --git a/docs/docbook/smbdotconf/README b/docs/docbook/smbdotconf/README
new file mode 100644
index 0000000000..9a037149ad
--- /dev/null
+++ b/docs/docbook/smbdotconf/README
@@ -0,0 +1,158 @@
+DocBook XML 4.2 source code for smb.conf(5) documentation for Samba 3.0
+
+Author of the document: Alexander Bokovoy <ab@samba.org>
+
+Welcome to new smb.conf(5) documentation build system! This directory
+contains a new incarnation of Samba's smb.conf(5) Docbook XML 4.2
+sources. Note that the output might be unsatisfying untill all smb.conf(5)
+parameters will converted to new format (see Chapter 4 for details).
+
+Content
+-------
+
+0. Prerequisites
+1. Structure
+2. XSLT stylesheets
+3. Usage
+4. Current status of converted parameters
+
+Prerequisites
+-------------
+
+In order to compile smb.conf(5) documentation from Docbook XML 4.2
+sources you'll need:
+
+ - a working libxml2 and libxslt installation, together with xsltproc utility
+
+ - a locally installed Docbook XSL 4.2 or higher
+
+ - a working xmlcatalog to eliminate Web access for Docbook XSL
+
+The latter requisite is important: we do not specify local copies of
+Docbook XSL stylesheets in our XSLTs because of real nightmare in their
+location in most distributions. Fortunately, libxml2 provides standard
+way to access locally installed external resources via so-called
+'xmlcatalog' tool. It is working in RedHat, Mandrake, ALT Linux, and
+some other distributions but wasn't at the moment of this writting (Late
+March'03) in Debian.
+
+Structure
+---------
+
+smb.conf(5) sources consist of a number of XML files distributed across
+a number of subdirectories. Each subdirectory represents a group of
+smb.conf(5) parameters dedicated to one specific task as described in
+Samba's loadparm.c source file (and shown in SWAT).
+
+Each XML file in subdirectories represents one parameter description,
+together with some additional meta-information about it. Complete list
+of meta-information attributes
+
+attribute description
+-------------------------------------------------------------------
+name smb.conf(5) parameter name
+context G for global, S for services
+basic set to 1 if loadparm.c's description
+wizard includes appropriate flag for
+advanced this parameter (FLAG_BASIC,
+developer FLAG_ADVANCED, FLAG_WIZARD, FLAG_DEVELOPER)
+-------------------------------------------------------------------
+
+Main XML file for smb.conf(5) is smb.conf.5.xml. It contains a general
+stub for man page and several XML instructions to include:
+
+ - a list of global parameters (auto-generated);
+
+ - a list of service parameters (auto-generated);
+
+ - a complete list of alphabetically sorted parameters (auto-generated).
+
+XSLT stylesheets
+----------------
+
+In order to combine and build final version of smb.conf(5) we apply a
+set of XSLT stylesheets to smb.conf(5) sources. Following is the
+complete description of existing stylesheets in smb.conf(5) source tree:
+
+1. [expand-smb.conf.xsl] Main driver, produces big XML source with all
+smaller components combined. The resulted tree is then feed to Docbook
+XSL for final producing.
+
+This stylesheet performs two main transformations:
+
+ - Replaces <samba:parameter> tag by <varlistentry> one;
+
+ - Generates <term> and <anchor> tags for each <samba:parameter>.
+
+The latter step needs some explanation. We generate automatically
+<anchor> and <term> tags based on meta-information about parameter. This
+way all anchors have predictable names (capitalized parameter name with
+all spaces supressed) and we really don't need to dublicate data.
+
+There was only one exception to the generation rule in smb.conf.5.sgml:
+"use spnego" parameter had anchor SPNEGO which is now unified to
+USESPNEGO. This also fixes a bug in SWAT which was unable to find SPNEGO
+achnor.
+
+2. [generate-context.xsl] An utility stylesheet which main purpose is to
+produce a list of parameters which are applicable for selected context
+(global or service).
+
+The generate-context.xsl is run twice to generate both
+parameters.global.xml and parameters.service.xml which are included then
+by smb.conf.5.xml. This stylesheet relies on parameters.all.xml file
+which is generated by [generate-file-list.sh] shell script.
+
+The parameters.all.xml file contains a complete list of include
+instructions for XSLT processor to include all small XML files from
+subdirectories.
+
+3. [man.xsl] Our local copy of Docbook XML to man(5) transformer. It
+fixes some annoying errors in official Docbook XSL stylesheets and adds
+our tuned parameters. This file really belongs to upper level where it
+would occur later, as we'll move to Docbook XML completely.
+
+4. [split-original-smb.conf.xsl] This stylesheet isn't required anymore.
+It was used for initial split of SGML-based smb.conf.5.sgml onto a set
+of per-parameter XML files. I left it in source tree just for historical
+interest. :)
+
+Usage
+-----
+
+1. Generate [parameters.all.xml]:
+ sh generate-file-list.sh >parameters.all.xml
+
+2. Generate [parameters.global.xml]:
+ xsltproc --xinclude \
+ --param smb.context "'G'" \
+ --output parameters.global.xml \
+ generate-context.xsl parameters.all.xml
+
+3. Generate [parameters.service.xml]:
+ xsltproc --xinclude \
+ --param smb.context "'S'" \
+ --output parameters.service.xml \
+ generate-context.xsl parameters.all.xml
+
+4. Process smb.conf.5.xml (for example, to HTML):
+ xsltproc --xinclude expand-smb.conf.xsl smb.conf.5.xml | \
+ xsltproc http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl - > smb.conf.5.html
+
+Note that in step 4 we are not saving preprocessed smb.conf.5.xml to
+disk and directly passing it to the next XSLT processor (in this case --
+Docbook XML to HTML generator).
+
+For convenience, this sequence of commands is added into source tree as
+process-all.sh
+
+Current state of converted parameters
+-------------------------------------
+
+Only 'misc' parameters don't converted so far.
+
+All undocumented parameters are listed in doc-status file in of Samba's
+docs/ directory.
+
+Any help is greatly appreciated.
+
diff --git a/docs/docbook/smbdotconf/browse/browsable.xml b/docs/docbook/smbdotconf/browse/browsable.xml
new file mode 100644
index 0000000000..bd35732927
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/browsable.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="browsable"
+ context="S"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the <link linkend="BROWSEABLE">
+ <parameter moreinfo="none">browseable</parameter></link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/browseable.xml b/docs/docbook/smbdotconf/browse/browseable.xml
new file mode 100644
index 0000000000..5da61cccfb
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/browseable.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="browseable"
+ context="S"
+ basic="1" advanced="1" print="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether this share is seen in
+ the list of available shares in a net view and in the browse list.</para>
+
+ <para>Default: <command moreinfo="none">browseable = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/browselist.xml b/docs/docbook/smbdotconf/browse/browselist.xml
new file mode 100644
index 0000000000..17a962a3f5
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/browselist.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="browse list"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will serve a browse list to
+ a client doing a <command moreinfo="none">NetServerEnum</command> call. Normally
+ set to <constant>yes</constant>. You should never need to change
+ this.</para>
+
+ <para>Default: <command moreinfo="none">browse list = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/domainmaster.xml b/docs/docbook/smbdotconf/browse/domainmaster.xml
new file mode 100644
index 0000000000..7bd334bbb5
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/domainmaster.xml
@@ -0,0 +1,38 @@
+<samba:parameter name="domain master"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Tell <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> to enable WAN-wide browse list
+ collation. Setting this option causes <command moreinfo="none">nmbd</command> to
+ claim a special domain specific NetBIOS name that identifies
+ it as a domain master browser for its given <link linkend="WORKGROUP">
+ <parameter moreinfo="none">workgroup</parameter></link>. Local master browsers
+ in the same <parameter moreinfo="none">workgroup</parameter> on broadcast-isolated
+ subnets will give this <command moreinfo="none">nmbd</command> their local browse lists,
+ and then ask <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> for a complete copy of the browse
+ list for the whole wide area network. Browser clients will then contact
+ their local master browser, and will receive the domain-wide browse list,
+ instead of just the list for their broadcast-isolated subnet.</para>
+
+ <para>Note that Windows NT Primary Domain Controllers expect to be
+ able to claim this <parameter moreinfo="none">workgroup</parameter> specific special
+ NetBIOS name that identifies them as domain master browsers for
+ that <parameter moreinfo="none">workgroup</parameter> by default (i.e. there is no
+ way to prevent a Windows NT PDC from attempting to do this). This
+ means that if this parameter is set and <command moreinfo="none">nmbd</command> claims
+ the special name for a <parameter moreinfo="none">workgroup</parameter> before a Windows
+ NT PDC is able to do so then cross subnet browsing will behave
+ strangely and may fail.</para>
+
+ <para>If <link linkend="DOMAINLOGONS"><command moreinfo="none">domain logons = yes</command>
+ </link>, then the default behavior is to enable the <parameter moreinfo="none">domain
+ master</parameter> parameter. If <parameter moreinfo="none">domain logons</parameter> is
+ not enabled (the default setting), then neither will <parameter moreinfo="none">domain
+ master</parameter> be enabled by default.</para>
+
+ <para>Default: <command moreinfo="none">domain master = auto</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml
new file mode 100644
index 0000000000..8fb3be1603
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/enhancedbrowsing.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="enhanced browsing"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option enables a couple of enhancements to
+ cross-subnet browse propagation that have been added in Samba
+ but which are not standard in Microsoft implementations.
+ </para>
+
+ <para>The first enhancement to browse propagation consists of a regular
+ wildcard query to a Samba WINS server for all Domain Master Browsers,
+ followed by a browse synchronization with each of the returned
+ DMBs. The second enhancement consists of a regular randomised browse
+ synchronization with all currently known DMBs.</para>
+
+ <para>You may wish to disable this option if you have a problem with empty
+ workgroups not disappearing from browse lists. Due to the restrictions
+ of the browse protocols these enhancements can cause a empty workgroup
+ to stay around forever which can be annoying.</para>
+
+ <para>In general you should leave this option enabled as it makes
+ cross-subnet browse propagation much more reliable.</para>
+
+ <para>Default: <command moreinfo="none">enhanced browsing = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/lmannounce.xml b/docs/docbook/smbdotconf/browse/lmannounce.xml
new file mode 100644
index 0000000000..b18234443a
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/lmannounce.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="lm announce"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter determines if <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will produce Lanman announce
+ broadcasts that are needed by OS/2 clients in order for them to see
+ the Samba server in their browse list. This parameter can have three
+ values, <constant>yes</constant>, <constant>no</constant>, or
+ <constant>auto</constant>. The default is <constant>auto</constant>.
+ If set to <constant>no</constant> Samba will never produce these
+ broadcasts. If set to <constant>yes</constant> Samba will produce
+ Lanman announce broadcasts at a frequency set by the parameter
+ <parameter moreinfo="none">lm interval</parameter>. If set to <constant>auto</constant>
+ Samba will not send Lanman announce broadcasts by default but will
+ listen for them. If it hears such a broadcast on the wire it will
+ then start sending them at a frequency set by the parameter
+ <parameter moreinfo="none">lm interval</parameter>.</para>
+
+ <para>See also <link linkend="LMINTERVAL"><parameter moreinfo="none">lm interval</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">lm announce = auto</command></para>
+
+ <para>Example: <command moreinfo="none">lm announce = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/lminterval.xml b/docs/docbook/smbdotconf/browse/lminterval.xml
new file mode 100644
index 0000000000..58e4cc30ba
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/lminterval.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="lm interval"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>If Samba is set to produce Lanman announce
+ broadcasts needed by OS/2 clients (see the <link linkend="LMANNOUNCE">
+ <parameter moreinfo="none">lm announce</parameter></link> parameter) then this
+ parameter defines the frequency in seconds with which they will be
+ made. If this is set to zero then no Lanman announcements will be
+ made despite the setting of the <parameter moreinfo="none">lm announce</parameter>
+ parameter.</para>
+
+ <para>See also <link linkend="LMANNOUNCE"><parameter moreinfo="none">lm announce</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">lm interval = 60</command></para>
+
+ <para>Example: <command moreinfo="none">lm interval = 120</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/localmaster.xml b/docs/docbook/smbdotconf/browse/localmaster.xml
new file mode 100644
index 0000000000..ac2626c679
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/localmaster.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="local master"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option allows <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> to try and become a local master browser
+ on a subnet. If set to <constant>no</constant> then <command moreinfo="none">
+ nmbd</command> will not attempt to become a local master browser
+ on a subnet and will also lose in all browsing elections. By
+ default this value is set to <constant>yes</constant>. Setting this value to
+ <constant>yes</constant> doesn't mean that Samba will <emphasis>become</emphasis> the
+ local master browser on a subnet, just that <command moreinfo="none">nmbd</command>
+ will <emphasis>participate</emphasis> in elections for local master browser.</para>
+
+ <para>Setting this value to <constant>no</constant> will cause <command
+ moreinfo="none">nmbd</command> <emphasis>never</emphasis> to become a local
+ master browser.</para>
+
+ <para>Default: <command moreinfo="none">local master = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/oslevel.xml b/docs/docbook/smbdotconf/browse/oslevel.xml
new file mode 100644
index 0000000000..560516e3f8
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/oslevel.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="os level"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This integer value controls what level Samba
+ advertises itself as for browse elections. The value of this
+ parameter determines whether <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ has a chance of becoming a local master browser for the <parameter moreinfo="none">
+ WORKGROUP</parameter> in the local broadcast area.</para>
+
+ <para><emphasis>Note :</emphasis>By default, Samba will win
+ a local master browsing election over all Microsoft operating
+ systems except a Windows NT 4.0/2000 Domain Controller. This
+ means that a misconfigured Samba host can effectively isolate
+ a subnet for browsing purposes. See <filename moreinfo="none">BROWSING.txt
+ </filename> in the Samba <filename moreinfo="none">docs/</filename> directory
+ for details.</para>
+
+ <para>Default: <command moreinfo="none">os level = 20</command></para>
+
+ <para>Example: <command moreinfo="none">os level = 65 </command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/preferedmaster.xml b/docs/docbook/smbdotconf/browse/preferedmaster.xml
new file mode 100644
index 0000000000..2e8cd938ea
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/preferedmaster.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="prefered master"
+ context="G"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Synonym for <link linkend="PREFERREDMASTER"><parameter moreinfo="none">
+ preferred master</parameter></link> for people who cannot spell :-).</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/browse/preferredmaster.xml b/docs/docbook/smbdotconf/browse/preferredmaster.xml
new file mode 100644
index 0000000000..31c966b4ac
--- /dev/null
+++ b/docs/docbook/smbdotconf/browse/preferredmaster.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="preferred master"
+ context="G"
+ basic="1" advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter controls if
+ <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> is a preferred master
+ browser for its workgroup.</para>
+
+ <para>If this is set to <constant>yes</constant>, on startup, <command moreinfo="none">nmbd</command>
+ will force an election, and it will have a slight advantage in
+ winning the election. It is recommended that this parameter is
+ used in conjunction with <command moreinfo="none"><link linkend="DOMAINMASTER">
+ <parameter moreinfo="none">domain master</parameter></link> = yes</command>, so
+ that <command moreinfo="none">nmbd</command> can guarantee becoming a domain master.</para>
+
+ <para>Use this option with caution, because if there are several
+ hosts (whether Samba servers, Windows 95 or NT) that are
+ preferred master browsers on the same subnet, they will each
+ periodically and continuously attempt to become the local
+ master browser. This will result in unnecessary broadcast
+ traffic and reduced browsing capabilities.</para>
+
+ <para>See also <link linkend="OSLEVEL"><parameter moreinfo="none">os level</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">preferred master = auto</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml
new file mode 100644
index 0000000000..06017fce59
--- /dev/null
+++ b/docs/docbook/smbdotconf/domain/machinepasswordtimeout.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="machine password timeout"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>If a Samba server is a member of a Windows
+ NT Domain (see the <link linkend="SECURITYEQUALSDOMAIN">security = domain</link>)
+ parameter) then periodically a running <ulink url="smbd.8.html">
+ smbd(8)</ulink> process will try and change the MACHINE ACCOUNT
+ PASSWORD stored in the TDB called <filename moreinfo="none">private/secrets.tdb
+ </filename>. This parameter specifies how often this password
+ will be changed, in seconds. The default is one week (expressed in
+ seconds), the same as a Windows NT Domain member server.</para>
+
+ <para>See also <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>, and the <link linkend="SECURITYEQUALSDOMAIN">
+ security = domain</link>) parameter.</para>
+
+ <para>Default: <command moreinfo="none">machine password timeout = 604800</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/casesensitive.xml b/docs/docbook/smbdotconf/filename/casesensitive.xml
new file mode 100644
index 0000000000..94b20d6c0c
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/casesensitive.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="case sensitive"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the discussion in the section <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para>
+
+ <para>Default: <command moreinfo="none">case sensitive = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/casesignames.xml b/docs/docbook/smbdotconf/filename/casesignames.xml
new file mode 100644
index 0000000000..3254b545c5
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/casesignames.xml
@@ -0,0 +1,8 @@
+<samba:parameter name="casesignames"
+ context="S"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Synonym for <link linkend="CASESENSITIVE">case sensitive</link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/defaultcase.xml b/docs/docbook/smbdotconf/filename/defaultcase.xml
new file mode 100644
index 0000000000..de3ad35c0c
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/defaultcase.xml
@@ -0,0 +1,11 @@
+<samba:parameter name="default case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">
+ NAME MANGLING</link>. Also note the <link linkend="SHORTPRESERVECASE">
+ <parameter moreinfo="none">short preserve case</parameter></link> parameter.</para>
+
+ <para>Default: <command moreinfo="none">default case = lower</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/deletevetofiles.xml b/docs/docbook/smbdotconf/filename/deletevetofiles.xml
new file mode 100644
index 0000000000..c851824b7e
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/deletevetofiles.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="delete veto files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used when Samba is attempting to
+ delete a directory that contains one or more vetoed directories
+ (see the <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link>
+ option). If this option is set to <constant>no</constant> (the default) then if a vetoed
+ directory contains any non-vetoed files or directories then the
+ directory delete will fail. This is usually what you want.</para>
+
+ <para>If this option is set to <constant>yes</constant>, then Samba
+ will attempt to recursively delete any files and directories within
+ the vetoed directory. This can be useful for integration with file
+ serving systems such as NetAtalk which create meta-files within
+ directories you might normally veto DOS/Windows users from seeing
+ (e.g. <filename moreinfo="none">.AppleDouble</filename>)</para>
+
+ <para>Setting <command moreinfo="none">delete veto files = yes</command> allows these
+ directories to be transparently deleted when the parent directory
+ is deleted (so long as the user has permissions to do so).</para>
+
+ <para>See also the <link linkend="VETOFILES"><parameter moreinfo="none">veto
+ files</parameter></link> parameter.</para>
+
+ <para>Default: <command moreinfo="none">delete veto files = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hidedotfiles.xml b/docs/docbook/smbdotconf/filename/hidedotfiles.xml
new file mode 100644
index 0000000000..1728f01f8f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hidedotfiles.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="hide dot files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean parameter that controls whether
+ files starting with a dot appear as hidden files.</para>
+
+ <para>Default: <command moreinfo="none">hide dot files = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hidefiles.xml b/docs/docbook/smbdotconf/filename/hidefiles.xml
new file mode 100644
index 0000000000..b687fc5a1f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hidefiles.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="hide files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a list of files or directories that are not
+ visible but are accessible. The DOS 'hidden' attribute is applied
+ to any files or directories that match.</para>
+
+ <para>Each entry in the list must be separated by a '/',
+ which allows spaces to be included in the entry. '*'
+ and '?' can be used to specify multiple files or directories
+ as in DOS wildcards.</para>
+
+ <para>Each entry must be a Unix path, not a DOS path and must
+ not include the Unix directory separator '/'.</para>
+
+ <para>Note that the case sensitivity option is applicable
+ in hiding files.</para>
+
+ <para>Setting this parameter will affect the performance of Samba,
+ as it will be forced to check all files and directories for a match
+ as they are scanned.</para>
+
+ <para>See also <link linkend="HIDEDOTFILES"><parameter moreinfo="none">hide
+ dot files</parameter></link>, <link linkend="VETOFILES"><parameter moreinfo="none">
+ veto files</parameter></link> and <link linkend="CASESENSITIVE">
+ <parameter moreinfo="none">case sensitive</parameter></link>.</para>
+
+ <para>Default: <emphasis>no file are hidden</emphasis></para>
+
+ <para>Example: <command moreinfo="none">hide files =
+ /.*/DesktopFolderDB/TrashFor%m/resource.frk/</command></para>
+
+ <para>The above example is based on files that the Macintosh
+ SMB client (DAVE) available from <ulink url="http://www.thursby.com">
+ Thursby</ulink> creates for internal use, and also still hides
+ all files beginning with a dot.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hidespecialfiles.xml b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml
new file mode 100644
index 0000000000..815e8ea63c
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hidespecialfiles.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="hide special files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter prevents clients from seeing
+ special files such as sockets, devices and fifo's in directory
+ listings.
+ </para>
+
+ <para>Default: <command moreinfo="none">hide special files = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hideunreadable.xml b/docs/docbook/smbdotconf/filename/hideunreadable.xml
new file mode 100644
index 0000000000..f34a3a597d
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hideunreadable.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="hide unreadable"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter prevents clients from seeing the
+ existance of files that cannot be read. Defaults to off.</para>
+
+ <para>Default: <command moreinfo="none">hide unreadable = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml
new file mode 100644
index 0000000000..7d20296ff2
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/hideunwriteablefiles.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="hide unwriteable files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter prevents clients from seeing
+ the existance of files that cannot be written to. Defaults to off.
+ Note that unwriteable directories are shown as usual.
+ </para>
+
+ <para>Default: <command moreinfo="none">hide unwriteable = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglecase.xml b/docs/docbook/smbdotconf/filename/manglecase.xml
new file mode 100644
index 0000000000..d514375c3b
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglecase.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="mangle case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link></para>
+
+ <para>Default: <command moreinfo="none">mangle case = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mangledmap.xml b/docs/docbook/smbdotconf/filename/mangledmap.xml
new file mode 100644
index 0000000000..e790fa877d
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mangledmap.xml
@@ -0,0 +1,26 @@
+<samba:parameter name="mangled map"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is for those who want to directly map UNIX
+ file names which cannot be represented on Windows/DOS. The mangling
+ of names is not always what is needed. In particular you may have
+ documents with file extensions that differ between DOS and UNIX.
+ For example, under UNIX it is common to use <filename moreinfo="none">.html</filename>
+ for HTML files, whereas under Windows/DOS <filename moreinfo="none">.htm</filename>
+ is more commonly used.</para>
+
+ <para>So to map <filename moreinfo="none">html</filename> to <filename moreinfo="none">htm</filename>
+ you would use:</para>
+
+ <para><command moreinfo="none">mangled map = (*.html *.htm)</command></para>
+
+ <para>One very useful case is to remove the annoying <filename moreinfo="none">;1
+ </filename> off the ends of filenames on some CDROMs (only visible
+ under some UNIXes). To do this use a map of (*;1 *;).</para>
+
+ <para>Default: <emphasis>no mangled map</emphasis></para>
+
+ <para>Example: <command moreinfo="none">mangled map = (*;1 *;)</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglednames.xml b/docs/docbook/smbdotconf/filename/manglednames.xml
new file mode 100644
index 0000000000..4ec088d16f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglednames.xml
@@ -0,0 +1,67 @@
+<samba:parameter name="mangled names"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether non-DOS names under UNIX
+ should be mapped to DOS-compatible names (&quot;mangled&quot;) and made visible,
+ or whether non-DOS names should simply be ignored.</para>
+
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for
+ details on how to control the mangling process.</para>
+
+ <para>If mangling is used then the mangling algorithm is as follows:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The first (up to) five alphanumeric characters
+ before the rightmost dot of the filename are preserved, forced
+ to upper case, and appear as the first (up to) five characters
+ of the mangled name.</para>
+ </listitem>
+
+ <listitem>
+ <para>A tilde &quot;~&quot; is appended to the first part of the mangled
+ name, followed by a two-character unique sequence, based on the
+ original root name (i.e., the original filename minus its final
+ extension). The final extension is included in the hash calculation
+ only if it contains any upper case characters or is longer than three
+ characters.</para>
+
+ <para>Note that the character to use may be specified using
+ the <link linkend="MANGLINGCHAR"><parameter moreinfo="none">mangling char</parameter>
+ </link> option, if you don't like '~'.</para>
+ </listitem>
+
+ <listitem>
+ <para>The first three alphanumeric characters of the final
+ extension are preserved, forced to upper case and appear as the
+ extension of the mangled name. The final extension is defined as that
+ part of the original filename after the rightmost dot. If there are no
+ dots in the filename, the mangled name will have no extension (except
+ in the case of &quot;hidden files&quot; - see below).</para>
+ </listitem>
+
+ <listitem>
+ <para>Files whose UNIX name begins with a dot will be
+ presented as DOS hidden files. The mangled name will be created as
+ for other filenames, but with the leading dot removed and &quot;___&quot; as
+ its extension regardless of actual original extension (that's three
+ underscores).</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>The two-digit hash value consists of upper case alphanumeric characters.</para>
+
+ <para>This algorithm can cause name collisions only if files
+ in a directory share the same first five alphanumeric characters.
+ The probability of such a clash is 1/1300.</para>
+
+ <para>The name mangling (if enabled) allows a file to be
+ copied between UNIX directories from Windows/DOS while retaining
+ the long UNIX filename. UNIX files can be renamed to a new extension
+ from Windows/DOS and will retain the same basename. Mangled names
+ do not change between sessions.</para>
+
+ <para>Default: <command moreinfo="none">mangled names = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mangledstack.xml b/docs/docbook/smbdotconf/filename/mangledstack.xml
new file mode 100644
index 0000000000..42083d13a2
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mangledstack.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="mangling stack"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls the number of mangled names
+ that should be cached in the Samba server <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>This stack is a list of recently mangled base names
+ (extensions are only maintained if they are longer than 3 characters
+ or contains upper case characters).</para>
+
+ <para>The larger this value, the more likely it is that mangled
+ names can be successfully converted to correct long UNIX names.
+ However, large stack sizes will slow most directory accesses. Smaller
+ stacks save memory in the server (each stack element costs 256 bytes).
+ </para>
+
+ <para>It is not possible to absolutely guarantee correct long
+ filenames, so be prepared for some surprises!</para>
+
+ <para>Default: <command moreinfo="none">mangled stack = 50</command></para>
+
+ <para>Example: <command moreinfo="none">mangled stack = 100</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mangleprefix.xml b/docs/docbook/smbdotconf/filename/mangleprefix.xml
new file mode 100644
index 0000000000..5476ed1f08
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mangleprefix.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="mangling prefix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> controls the number of prefix
+ characters from the original name used when generating
+ the mangled names. A larger value will give a weaker
+ hash and therefore more name collisions. The minimum
+ value is 1 and the maximum value is 6.</para>
+
+ <para>Default: <command moreinfo="none">mangle prefix = 1</command></para>
+
+ <para>Example: <command moreinfo="none">mangle prefix = 4</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglingchar.xml b/docs/docbook/smbdotconf/filename/manglingchar.xml
new file mode 100644
index 0000000000..57c4fa2acd
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglingchar.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="mangling char"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls what character is used as
+ the <emphasis>magic</emphasis> character in <link linkend="NAMEMANGLINGSECT">name mangling</link>. The
+ default is a '~' but this may interfere with some software. Use this option to set
+ it to whatever you prefer.</para>
+
+ <para>Default: <command moreinfo="none">mangling char = ~</command></para>
+
+ <para>Example: <command moreinfo="none">mangling char = ^</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/manglingmethod.xml b/docs/docbook/smbdotconf/filename/manglingmethod.xml
new file mode 100644
index 0000000000..74366483bd
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/manglingmethod.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="mangling method"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> controls the algorithm used for the generating
+ the mangled names. Can take two different values, &quot;hash&quot; and
+ &quot;hash2&quot;. &quot;hash&quot; is the default and is the algorithm that has been
+ used in Samba for many years. &quot;hash2&quot; is a newer and considered
+ a better algorithm (generates less collisions) in the names.
+ However, many Win32 applications store the mangled names and so
+ changing to the new algorithm must not be done
+ lightly as these applications may break unless reinstalled.</para>
+
+ <para>Default: <command moreinfo="none">mangling method = hash2</command></para>
+
+ <para>Example: <command moreinfo="none">mangling method = hash</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/maparchive.xml b/docs/docbook/smbdotconf/filename/maparchive.xml
new file mode 100644
index 0000000000..b44088efe3
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/maparchive.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="map archive"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether the DOS archive attribute
+ should be mapped to the UNIX owner execute bit. The DOS archive bit
+ is set when a file has been modified since its last backup. One
+ motivation for this option it to keep Samba/your PC from making
+ any file it touches from becoming executable under UNIX. This can
+ be quite annoying for shared source code, documents, etc...</para>
+
+ <para>Note that this requires the <parameter moreinfo="none">create mask</parameter>
+ parameter to be set such that owner execute bit is not masked out
+ (i.e. it must include 100). See the parameter <link linkend="CREATEMASK">
+ <parameter moreinfo="none">create mask</parameter></link> for details.</para>
+
+ <para>Default: <command moreinfo="none">map archive = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/maphidden.xml b/docs/docbook/smbdotconf/filename/maphidden.xml
new file mode 100644
index 0000000000..4c1a932788
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/maphidden.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="map hidden"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether DOS style hidden files
+ should be mapped to the UNIX world execute bit.</para>
+
+ <para>Note that this requires the <parameter moreinfo="none">create mask</parameter>
+ to be set such that the world execute bit is not masked out (i.e.
+ it must include 001). See the parameter <link linkend="CREATEMASK">
+ <parameter moreinfo="none">create mask</parameter></link> for details.</para>
+
+ <para>Default: <command moreinfo="none">map hidden = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/mapsystem.xml b/docs/docbook/smbdotconf/filename/mapsystem.xml
new file mode 100644
index 0000000000..7fe50bb19f
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/mapsystem.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="map system"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether DOS style system files
+ should be mapped to the UNIX group execute bit.</para>
+
+ <para>Note that this requires the <parameter moreinfo="none">create mask</parameter>
+ to be set such that the group execute bit is not masked out (i.e.
+ it must include 010). See the parameter <link linkend="CREATEMASK">
+ <parameter moreinfo="none">create mask</parameter></link> for details.</para>
+
+ <para>Default: <command moreinfo="none">map system = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/preservecase.xml b/docs/docbook/smbdotconf/filename/preservecase.xml
new file mode 100644
index 0000000000..d8a4e2342d
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/preservecase.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="preserve case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> This controls if new filenames are created
+ with the case that the client passes, or if they are forced to
+ be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case
+ </parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">preserve case = yes</command></para>
+
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link> for a fuller discussion.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/shortpreservecase.xml b/docs/docbook/smbdotconf/filename/shortpreservecase.xml
new file mode 100644
index 0000000000..52c93e1370
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/shortpreservecase.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="short preserve case"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter controls if new files
+ which conform to 8.3 syntax, that is all in upper case and of
+ suitable length, are created upper case, or if they are forced
+ to be the <link linkend="DEFAULTCASE"><parameter moreinfo="none">default case
+ </parameter></link>. This option can be use with <link linkend="PRESERVECASE"><command moreinfo="none">preserve case = yes</command>
+ </link> to permit long filenames to retain their case, while short
+ names are lowered. </para>
+
+ <para>See the section on <link linkend="NAMEMANGLINGSECT">NAME MANGLING</link>.</para>
+
+ <para>Default: <command moreinfo="none">short preserve case = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/statcache.xml b/docs/docbook/smbdotconf/filename/statcache.xml
new file mode 100644
index 0000000000..ee2a48732e
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/statcache.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="stat cache"
+ context="G"
+ developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter determines if <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will use a cache in order to
+ speed up case insensitive name mappings. You should never need
+ to change this parameter.</para>
+
+ <para>Default: <command moreinfo="none">stat cache = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/stripdot.xml b/docs/docbook/smbdotconf/filename/stripdot.xml
new file mode 100644
index 0000000000..afed63a12b
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/stripdot.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="strip dot"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean that controls whether to
+ strip trailing dots off UNIX filenames. This helps with some
+ CDROMs that have filenames ending in a single dot.</para>
+
+ <para>Default: <command moreinfo="none">strip dot = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/filename/vetooplockfiles.xml b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml
new file mode 100644
index 0000000000..e7c683a518
--- /dev/null
+++ b/docs/docbook/smbdotconf/filename/vetooplockfiles.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="veto oplock files"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only valid when the <link linkend="OPLOCKS">
+ <parameter moreinfo="none">oplocks</parameter></link>
+ parameter is turned on for a share. It allows the Samba administrator
+ to selectively turn off the granting of oplocks on selected files that
+ match a wildcarded list, similar to the wildcarded list used in the
+ <link linkend="VETOFILES"><parameter moreinfo="none">veto files</parameter></link>
+ parameter.</para>
+
+ <para>Default: <emphasis>No files are vetoed for oplock grants</emphasis></para>
+
+ <para>You might want to do this on files that you know will
+ be heavily contended for by clients. A good example of this
+ is in the NetBench SMB benchmark program, which causes heavy
+ client contention for files ending in <filename moreinfo="none">.SEM</filename>.
+ To cause Samba not to grant oplocks on these files you would use
+ the line (either in the [global] section or in the section for
+ the particular NetBench share :</para>
+
+ <para>Example: <command moreinfo="none">veto oplock files = /*.SEM/</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapadmindn.xml b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml
new file mode 100644
index 0000000000..301c88df7b
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapadmindn.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="ldap admin dn"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> The <parameter moreinfo="none">ldap admin dn</parameter>
+ defines the Distinguished Name (DN) name used by Samba to
+ contact the ldap server when retreiving user account
+ information. The <parameter moreinfo="none">ldap admin
+ dn</parameter> is used in conjunction with the admin dn password
+ stored in the <filename moreinfo="none">private/secrets.tdb</filename> file.
+ See the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> man page for more
+ information on how to accmplish this.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml
new file mode 100644
index 0000000000..89a75e02fd
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapdeletedn.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="ldap delete dn"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para> This parameter specifies whether a delete
+ operation in the ldapsam deletes the complete entry or only the attributes
+ specific to Samba.
+ </para>
+
+ <para>Default: <emphasis>ldap delete dn = no</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapfilter.xml b/docs/docbook/smbdotconf/ldap/ldapfilter.xml
new file mode 100644
index 0000000000..1d0ab33d89
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapfilter.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap filter"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the RFC 2254 compliant LDAP search filter.
+ The default is to match the login name with the <constant>uid</constant>
+ attribute for all entries matching the <constant>sambaAccount</constant>
+ objectclass. Note that this filter should only return one entry.
+ </para>
+
+ <para>Default: <command moreinfo="none">ldap filter = (&amp;(uid=%u)(objectclass=sambaAccount))</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml
new file mode 100644
index 0000000000..0ef6a04abf
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapmachinesuffix.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="ldap machine suffix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>It specifies where machines should be added to the ldap tree.</para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml
new file mode 100644
index 0000000000..8015b2fb2d
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldappasswdsync.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="ldap passwd sync"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used to define whether
+ or not Samba should sync the LDAP password with the NT
+ and LM hashes for normal accounts (NOT for
+ workstation, server or domain trusts) on a password
+ change via SAMBA.
+ </para>
+
+ <para>The <parameter moreinfo="none">ldap passwd
+ sync</parameter> can be set to one of three values: </para>
+
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">Yes</parameter> = Try
+ to update the LDAP, NT and LM passwords and update the pwdLastSet time.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">No</parameter> = Update NT and
+ LM passwords and update the pwdLastSet time.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">Only</parameter> = Only update
+ the LDAP password and let the LDAP server do the rest.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Default: <command moreinfo="none">ldap passwd sync = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapport.xml b/docs/docbook/smbdotconf/ldap/ldapport.xml
new file mode 100644
index 0000000000..c00c525db0
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapport.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="ldap port"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command> option
+ at compile time.</para>
+
+ <para>This option is used to control the tcp port number used to contact
+ the <link linkend="LDAPSERVER"><parameter moreinfo="none">ldap server</parameter></link>.
+ The default is to use the stand LDAPS port 636.</para>
+
+ <para>See Also: <link linkend="LDAPSSL">ldap ssl</link></para>
+
+ <para>Default : <command moreinfo="none">ldap port = 636 ; if ldap ssl = on</command></para>
+
+ <para>Default : <command moreinfo="none">ldap port = 389 ; if ldap ssl = off</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapserver.xml b/docs/docbook/smbdotconf/ldap/ldapserver.xml
new file mode 100644
index 0000000000..e7a4c670ab
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapserver.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="ldap server"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only available if Samba has been
+ configure to include the <command moreinfo="none">--with-ldapsam</command>
+ option at compile time.</para>
+
+ <para>This parameter should contain the FQDN of the ldap directory
+ server which should be queried to locate user account information.
+ </para>
+
+ <para>Default : <command moreinfo="none">ldap server = localhost</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapssl.xml b/docs/docbook/smbdotconf/ldap/ldapssl.xml
new file mode 100644
index 0000000000..13bafdf3a7
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapssl.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="ldap ssl"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This option is used to define whether or not Samba should
+ use SSL when connecting to the ldap server
+ This is <emphasis>NOT</emphasis> related to
+ Samba's previous SSL support which was enabled by specifying the
+ <command moreinfo="none">--with-ssl</command> option to the <filename moreinfo="none">configure</filename>
+ script.</para>
+
+ <para>The <parameter moreinfo="none">ldap ssl</parameter> can be set to one of three values:</para>
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">Off</parameter> = Never
+ use SSL when querying the directory.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">Start_tls</parameter> = Use
+ the LDAPv3 StartTLS extended operation (RFC2830) for
+ communicating with the directory server.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">On</parameter> = Use SSL
+ on the ldaps port when contacting the <parameter
+ moreinfo="none">ldap server</parameter>. Only available when the
+ backwards-compatiblity <command
+ moreinfo="none">--with-ldapsam</command> option is specified
+ to configure. See <link linkend="PASSDBBACKEND"><parameter
+ moreinfo="none">passdb backend</parameter></link></para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Default : <command moreinfo="none">ldap ssl = start_tls</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapsuffix.xml b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml
new file mode 100644
index 0000000000..609f171096
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapsuffix.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="ldap suffix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Specifies where user and machine accounts are added to the
+ tree. Can be overriden by <command moreinfo="none">ldap user
+ suffix</command> and <command moreinfo="none">ldap machine
+ suffix</command>. It also used as the base dn for all ldap
+ searches. </para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldaptrustids.xml b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml
new file mode 100644
index 0000000000..36bbcb2fb4
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldaptrustids.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="ldap trust ids"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+
+ <para>Normally, Samba validates each entry in the LDAP server
+ against getpwnam(). This allows LDAP to be used for Samba with
+ the unix system using NIS (for example) and also ensures that
+ Samba does not present accounts that do not otherwise exist.
+ </para>
+
+ <para>This option is used to disable this functionality, and
+ instead to rely on the presence of the appropriate attributes
+ in LDAP directly, which can result in a significant performance
+ boost in some situations. Setting this option to yes effectivly
+ assumes that the local machine is running <command
+ moreinfo="none">nss_ldap</command> against the same LDAP
+ server.</para>
+
+ <para>Default: <command moreinfo="none">ldap trust ids = No</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml
new file mode 100644
index 0000000000..731fba3420
--- /dev/null
+++ b/docs/docbook/smbdotconf/ldap/ldapusersuffix.xml
@@ -0,0 +1,10 @@
+<samba:parameter name="ldap user suffix"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>It specifies where users are added to the tree.</para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/blockinglocks.xml b/docs/docbook/smbdotconf/locking/blockinglocks.xml
new file mode 100644
index 0000000000..f11d92f4f5
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/blockinglocks.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="blocking locks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls the behavior
+ of <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when given a request by a client
+ to obtain a byte range lock on a region of an open file, and the
+ request has a time limit associated with it.</para>
+
+ <para>If this parameter is set and the lock range requested
+ cannot be immediately satisfied, samba will internally
+ queue the lock request, and periodically attempt to obtain
+ the lock until the timeout period expires.</para>
+
+ <para>If this parameter is set to <constant>no</constant>, then
+ samba will behave as previous versions of Samba would and
+ will fail the lock request immediately if the lock range
+ cannot be obtained.</para>
+
+ <para>Default: <command moreinfo="none">blocking locks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/cscpolicy.xml b/docs/docbook/smbdotconf/locking/cscpolicy.xml
new file mode 100644
index 0000000000..7567ed9286
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/cscpolicy.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="csc policy"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This stands for <emphasis>client-side caching
+ policy</emphasis>, and specifies how clients capable of offline
+ caching will cache the files in the share. The valid values
+ are: manual, documents, programs, disable.</para>
+
+ <para>These values correspond to those used on Windows servers.</para>
+
+ <para>For example, shares containing roaming profiles can have
+ offline caching disabled using <command
+ moreinfo="none">csc policy = disable</command>.</para>
+
+ <para>Default: <command moreinfo="none">csc policy = manual</command></para>
+
+ <para>Example: <command moreinfo="none">csc policy = programs</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/fakeoplocks.xml b/docs/docbook/smbdotconf/locking/fakeoplocks.xml
new file mode 100644
index 0000000000..b7deac68ba
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/fakeoplocks.xml
@@ -0,0 +1,31 @@
+<samba:parameter name="fake oplocks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Oplocks are the way that SMB clients get permission
+ from a server to locally cache file operations. If a server grants
+ an oplock (opportunistic lock) then the client is free to assume
+ that it is the only one accessing the file and it will aggressively
+ cache file data. With some oplock types the client may even cache
+ file open/close operations. This can give enormous performance benefits.
+ </para>
+
+ <para>When you set <command moreinfo="none">fake oplocks = yes</command>, <citerefentry>
+ <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry> will
+ always grant oplock requests no matter how many clients are using the file.</para>
+
+ <para>It is generally much better to use the real <link linkend="OPLOCKS">
+ <parameter moreinfo="none">oplocks</parameter></link> support rather
+ than this parameter.</para>
+
+ <para>If you enable this option on all read-only shares or
+ shares that you know will only be accessed from one client at a
+ time such as physically read-only media like CDROMs, you will see
+ a big performance improvement on many operations. If you enable
+ this option on shares where multiple clients may be accessing the
+ files read-write at the same time you can get data corruption. Use
+ this option carefully!</para>
+
+ <para>Default: <command moreinfo="none">fake oplocks = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/kerneloplocks.xml b/docs/docbook/smbdotconf/locking/kerneloplocks.xml
new file mode 100644
index 0000000000..f155fddc8f
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/kerneloplocks.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="kernel oplocks"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>For UNIXes that support kernel based <link linkend="OPLOCKS">
+ <parameter moreinfo="none">oplocks</parameter></link>
+ (currently only IRIX and the Linux 2.4 kernel), this parameter
+ allows the use of them to be turned on or off.</para>
+
+ <para>Kernel oplocks support allows Samba <parameter moreinfo="none">oplocks
+ </parameter> to be broken whenever a local UNIX process or NFS operation
+ accesses a file that <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> has oplocked. This allows complete
+ data consistency between SMB/CIFS, NFS and local file access (and is
+ a <emphasis>very</emphasis> cool feature :-).</para>
+
+ <para>This parameter defaults to <constant>on</constant>, but is translated
+ to a no-op on systems that no not have the necessary kernel support.
+ You should never need to touch this parameter.</para>
+
+ <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
+ </link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">level2 oplocks
+ </parameter></link> parameters.</para>
+
+ <para>Default: <command moreinfo="none">kernel oplocks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/level2oplocks.xml b/docs/docbook/smbdotconf/locking/level2oplocks.xml
new file mode 100644
index 0000000000..c2c090b1a8
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/level2oplocks.xml
@@ -0,0 +1,41 @@
+<samba:parameter name="level2 oplocks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls whether Samba supports
+ level2 (read-only) oplocks on a share.</para>
+
+ <para>Level2, or read-only oplocks allow Windows NT clients
+ that have an oplock on a file to downgrade from a read-write oplock
+ to a read-only oplock once a second client opens the file (instead
+ of releasing all oplocks on a second open, as in traditional,
+ exclusive oplocks). This allows all openers of the file that
+ support level2 oplocks to cache the file for read-ahead only (ie.
+ they may not cache writes or lock requests) and increases performance
+ for many accesses of files that are not commonly written (such as
+ application .EXE files).</para>
+
+ <para>Once one of the clients which have a read-only oplock
+ writes to the file all clients are notified (no reply is needed
+ or waited for) and told to break their oplocks to &quot;none&quot; and
+ delete any read-ahead caches.</para>
+
+ <para>It is recommended that this parameter be turned on to
+ speed access to shared executables.</para>
+
+ <para>For more discussions on level2 oplocks see the CIFS spec.</para>
+
+ <para>Currently, if <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel
+ oplocks</parameter></link> are supported then level2 oplocks are
+ not granted (even if this parameter is set to <constant>yes</constant>).
+ Note also, the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
+ </link> parameter must be set to <constant>yes</constant> on this share in order for
+ this parameter to have any effect.</para>
+
+ <para>See also the <link linkend="OPLOCKS"><parameter moreinfo="none">oplocks</parameter>
+ </link> and <link linkend="OPLOCKS"><parameter moreinfo="none">kernel oplocks</parameter>
+ </link> parameters.</para>
+
+ <para>Default: <command moreinfo="none">level2 oplocks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/locking.xml b/docs/docbook/smbdotconf/locking/locking.xml
new file mode 100644
index 0000000000..8526224316
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/locking.xml
@@ -0,0 +1,27 @@
+<samba:parameter name="locking"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This controls whether or not locking will be
+ performed by the server in response to lock requests from the
+ client.</para>
+
+ <para>If <command moreinfo="none">locking = no</command>, all lock and unlock
+ requests will appear to succeed and all lock queries will report
+ that the file in question is available for locking.</para>
+
+ <para>If <command moreinfo="none">locking = yes</command>, real locking will be performed
+ by the server.</para>
+
+ <para>This option <emphasis>may</emphasis> be useful for read-only
+ filesystems which <emphasis>may</emphasis> not need locking (such as
+ CDROM drives), although setting this parameter of <constant>no</constant>
+ is not really recommended even in this case.</para>
+
+ <para>Be careful about disabling locking either globally or in a
+ specific service, as lack of locking may result in data corruption.
+ You should never need to set this parameter.</para>
+
+ <para>Default: <command moreinfo="none">locking = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/lockspincount.xml b/docs/docbook/smbdotconf/locking/lockspincount.xml
new file mode 100644
index 0000000000..d308f5d845
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/lockspincount.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="lock spin count"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter controls the number of times
+ that smbd should attempt to gain a byte range lock on the
+ behalf of a client request. Experiments have shown that
+ Windows 2k servers do not reply with a failure if the lock
+ could not be immediately granted, but try a few more times
+ in case the lock could later be aquired. This behavior
+ is used to support PC database formats such as MS Access
+ and FoxPro.
+ </para>
+
+ <para>Default: <command moreinfo="none">lock spin count = 2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/lockspintime.xml b/docs/docbook/smbdotconf/locking/lockspintime.xml
new file mode 100644
index 0000000000..460b2827b4
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/lockspintime.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="lock spin time"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The time in microseconds that smbd should
+ pause before attempting to gain a failed lock. See
+ <link linkend="LOCKSPINCOUNT"><parameter moreinfo="none">lock spin
+ count</parameter></link> for more details.</para>
+
+ <para>Default: <command moreinfo="none">lock spin time = 10</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml
new file mode 100644
index 0000000000..0dc130eab3
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/oplockbreakwaittime.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="oplock break wait time"
+ context="G"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a tuning parameter added due to bugs in
+ both Windows 9x and WinNT. If Samba responds to a client too
+ quickly when that client issues an SMB that can cause an oplock
+ break request, then the network client can fail and not respond
+ to the break request. This tuning parameter (which is set in milliseconds)
+ is the amount of time Samba will wait before sending an oplock break
+ request to such (broken) clients.</para>
+
+ <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ AND
+ UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para>
+
+ <para>Default: <command moreinfo="none">oplock break wait time = 0</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml
new file mode 100644
index 0000000000..1b24e5cdec
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/oplockcontentionlimit.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="oplock contention limit"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a <emphasis>very</emphasis> advanced
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> tuning option to
+ improve the efficiency of the granting of oplocks under multiple
+ client contention for the same file.</para>
+
+ <para>In brief it specifies a number, which causes <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>not to grant an oplock even when requested
+ if the approximate number of clients contending for an oplock on the same file goes over this
+ limit. This causes <command moreinfo="none">smbd</command> to behave in a similar
+ way to Windows NT.</para>
+
+ <para><emphasis>DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ
+ AND UNDERSTOOD THE SAMBA OPLOCK CODE</emphasis>.</para>
+
+ <para>Default: <command moreinfo="none">oplock contention limit = 2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/oplocks.xml b/docs/docbook/smbdotconf/locking/oplocks.xml
new file mode 100644
index 0000000000..0ba53ba765
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/oplocks.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="oplocks"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean option tells <command moreinfo="none">smbd</command> whether to
+ issue oplocks (opportunistic locks) to file open requests on this
+ share. The oplock code can dramatically (approx. 30% or more) improve
+ the speed of access to files on Samba servers. It allows the clients
+ to aggressively cache files locally and you may want to disable this
+ option for unreliable network environments (it is turned on by
+ default in Windows NT Servers). For more information see the file
+ <filename moreinfo="none">Speed.txt</filename> in the Samba <filename moreinfo="none">docs/</filename>
+ directory.</para>
+
+ <para>Oplocks may be selectively turned off on certain files with a
+ share. See the <link linkend="VETOOPLOCKFILES"><parameter moreinfo="none">
+ veto oplock files</parameter></link> parameter. On some systems
+ oplocks are recognized by the underlying operating system. This
+ allows data synchronization between all access to oplocked files,
+ whether it be via Samba or NFS or a local UNIX process. See the
+ <parameter moreinfo="none">kernel oplocks</parameter> parameter for details.</para>
+
+ <para>See also the <link linkend="KERNELOPLOCKS"><parameter moreinfo="none">kernel
+ oplocks</parameter></link> and <link linkend="LEVEL2OPLOCKS"><parameter moreinfo="none">
+ level2 oplocks</parameter></link> parameters.</para>
+
+ <para>Default: <command moreinfo="none">oplocks = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/posixlocking.xml b/docs/docbook/smbdotconf/locking/posixlocking.xml
new file mode 100644
index 0000000000..c81bdcff38
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/posixlocking.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="posix locking"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>
+ daemon maintains an database of file locks obtained by SMB clients.
+ The default behavior is to map this internal database to POSIX
+ locks. This means that file locks obtained by SMB clients are
+ consistent with those seen by POSIX compliant applications accessing
+ the files via a non-SMB method (e.g. NFS or local file access).
+ You should never need to disable this parameter.</para>
+
+ <para>Default: <command moreinfo="none">posix locking = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/sharemodes.xml b/docs/docbook/smbdotconf/locking/sharemodes.xml
new file mode 100644
index 0000000000..529ec44106
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/sharemodes.xml
@@ -0,0 +1,28 @@
+<samba:parameter name="share modes"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This enables or disables the honoring of
+ the <parameter moreinfo="none">share modes</parameter> during a file open. These
+ modes are used by clients to gain exclusive read or write access
+ to a file.</para>
+
+ <para>These open modes are not directly supported by UNIX, so
+ they are simulated using shared memory, or lock files if your
+ UNIX doesn't support shared memory (almost all do).</para>
+
+ <para>The share modes that are enabled by this option are
+ <constant>DENY_DOS</constant>, <constant>DENY_ALL</constant>,
+ <constant>DENY_READ</constant>, <constant>DENY_WRITE</constant>,
+ <constant>DENY_NONE</constant> and <constant>DENY_FCB</constant>.
+ </para>
+
+ <para>This option gives full share compatibility and enabled
+ by default.</para>
+
+ <para>You should <emphasis>NEVER</emphasis> turn this parameter
+ off as many Windows applications will break if you do so.</para>
+
+ <para>Default: <command moreinfo="none">share modes = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/locking/strictlocking.xml b/docs/docbook/smbdotconf/locking/strictlocking.xml
new file mode 100644
index 0000000000..34c1c7fe5e
--- /dev/null
+++ b/docs/docbook/smbdotconf/locking/strictlocking.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="strict locking"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean that controls the handling of
+ file locking in the server. When this is set to <constant>yes</constant>
+ the server will check every read and write access for file locks, and
+ deny access if locks exist. This can be slow on some systems.</para>
+
+ <para>When strict locking is <constant>no</constant> the server does file
+ lock checks only when the client explicitly asks for them.</para>
+
+ <para>Well-behaved clients always ask for lock checks when it
+ is important, so in the vast majority of cases <command moreinfo="none">strict
+ locking = no</command> is preferable.</para>
+
+ <para>Default: <command moreinfo="none">strict locking = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/abortshutdownscript.xml b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml
new file mode 100644
index 0000000000..e9a7dba792
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/abortshutdownscript.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="abort shutdown script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis>
+ This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> that
+ should stop a shutdown procedure issued by the <link linkend="SHUTDOWNSCRIPT">
+ <parameter moreinfo="none">shutdown script</parameter></link>.</para>
+
+ <para>This command will be run as user.</para>
+
+ <para>Default: <emphasis>None</emphasis>.</para>
+
+ <para>Example: <command moreinfo="none">abort shutdown script = /sbin/shutdown -c</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/addgroupscript.xml b/docs/docbook/smbdotconf/logon/addgroupscript.xml
new file mode 100644
index 0000000000..25906d0889
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/addgroupscript.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="add group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will be run
+ <emphasis>AS ROOT</emphasis> by <citerefentry>
+ <refentrytitle>smbd</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ when a new group is requested. It will expand any <parameter
+ moreinfo="none">%g</parameter> to the group name passed. This
+ script is only useful for installations using the Windows NT
+ domain administration tools. The script is free to create a
+ group with an arbitrary name to circumvent unix group name
+ restrictions. In that case the script must print the numeric gid
+ of the created group on stdout.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/addmachinescript.xml b/docs/docbook/smbdotconf/logon/addmachinescript.xml
new file mode 100644
index 0000000000..7aef54d8b0
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/addmachinescript.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="add machine script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will be run by
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when a machine is added
+ to it's domain using the administrator username and password
+ method. </para>
+
+ <para>This option is only required when using sam back-ends tied
+ to the Unix uid method of RID calculation such as smbpasswd.
+ This option is only available in Samba 3.0.</para>
+
+ <para>Default: <command moreinfo="none">add machine script = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">add machine script = /usr/sbin/adduser -n -g
+ machines -c Machine -d /dev/null -s /bin/false %u</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/adduserscript.xml b/docs/docbook/smbdotconf/logon/adduserscript.xml
new file mode 100644
index 0000000000..34d3e7ea58
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/adduserscript.xml
@@ -0,0 +1,50 @@
+<samba:parameter name="add user script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will
+ be run <emphasis>AS ROOT</emphasis> by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> under special circumstances described below.</para>
+
+ <para>Normally, a Samba server requires that UNIX users are
+ created for all users accessing files on this server. For sites
+ that use Windows NT account databases as their primary user database
+ creating these users and keeping the user list in sync with the
+ Windows NT PDC is an onerous task. This option allows <ulink url="smbd.8.html">smbd</ulink> to create the required UNIX users
+ <emphasis>ON DEMAND</emphasis> when a user accesses the Samba server.</para>
+
+ <para>In order to use this option, <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> must <emphasis>NOT</emphasis> be set to <parameter moreinfo="none">security = share</parameter>
+ and <parameter moreinfo="none">add user script</parameter>
+ must be set to a full pathname for a script that will create a UNIX
+ user given one argument of <parameter moreinfo="none">%u</parameter>, which expands into
+ the UNIX user name to create.</para>
+
+ <para>When the Windows user attempts to access the Samba server,
+ at login (session setup in the SMB protocol) time, <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> contacts the <parameter moreinfo="none">password server</parameter> and
+ attempts to authenticate the given user with the given password. If the
+ authentication succeeds then <command moreinfo="none">smbd</command>
+ attempts to find a UNIX user in the UNIX password database to map the
+ Windows user into. If this lookup fails, and <parameter moreinfo="none">add user script
+ </parameter> is set then <command moreinfo="none">smbd</command> will
+ call the specified script <emphasis>AS ROOT</emphasis>, expanding
+ any <parameter moreinfo="none">%u</parameter> argument to be the user name to create.</para>
+
+ <para>If this script successfully creates the user then <command moreinfo="none">smbd
+ </command> will continue on as though the UNIX user
+ already existed. In this way, UNIX users are dynamically created to
+ match existing Windows NT accounts.</para>
+
+ <para>See also <link linkend="SECURITY"><parameter moreinfo="none">
+ security</parameter></link>, <link linkend="PASSWORDSERVER">
+ <parameter moreinfo="none">password server</parameter></link>,
+ <link linkend="DELETEUSERSCRIPT"><parameter moreinfo="none">delete user
+ script</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">add user script = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">add user script = /usr/local/samba/bin/add_user %u</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/addusertogroupscript.xml b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml
new file mode 100644
index 0000000000..ed17b9c0d9
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/addusertogroupscript.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="add user to group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Full path to the script that will be called when
+ a user is added to a group using the Windows NT domain administration
+ tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>.
+ Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and
+ any <parameter moreinfo="none">%u</parameter> will be replaced with the user name.
+ </para>
+
+ <para>Default: <command moreinfo="none">add user to group script = </command></para>
+
+ <para>Example: <command moreinfo="none">add user to group script = /usr/sbin/adduser %u %g</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/deletegroupscript.xml b/docs/docbook/smbdotconf/logon/deletegroupscript.xml
new file mode 100644
index 0000000000..2e78c6ae7d
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/deletegroupscript.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="delete group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will
+ be run <emphasis>AS ROOT</emphasis> <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when a group is requested to be deleted.
+ It will expand any <parameter moreinfo="none">%g</parameter> to the group name passed.
+ This script is only useful for installations using the Windows NT domain administration tools.
+ </para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml
new file mode 100644
index 0000000000..76594c75d8
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/deleteuserfromgroupscript.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="delete user from group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Full path to the script that will be called when
+ a user is removed from a group using the Windows NT domain administration
+ tools. It will be run by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> <emphasis>AS ROOT</emphasis>.
+ Any <parameter moreinfo="none">%g</parameter> will be replaced with the group name and
+ any <parameter moreinfo="none">%u</parameter> will be replaced with the user name.
+ </para>
+
+ <para>Default: <command moreinfo="none">delete user from group script = </command></para>
+
+ <para>Example: <command moreinfo="none">delete user from group script = /usr/sbin/deluser %u %g</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/deleteuserscript.xml b/docs/docbook/smbdotconf/logon/deleteuserscript.xml
new file mode 100644
index 0000000000..233844555b
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/deleteuserscript.xml
@@ -0,0 +1,22 @@
+<samba:parameter name="delete user script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is the full pathname to a script that will
+ be run by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when managing users
+ with remote RPC (NT) tools.
+ </para>
+
+ <para>This script is called when a remote client removes a user
+ from the server, normally using 'User Manager for Domains' or
+ <command moreinfo="none">rpcclient</command>.</para>
+
+ <para>This script should delete the given UNIX username.</para>
+
+ <para>Default: <command moreinfo="none">delete user script = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">delete user script = /usr/local/samba/bin/del_user %u</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/domainlogons.xml b/docs/docbook/smbdotconf/logon/domainlogons.xml
new file mode 100644
index 0000000000..e45621e553
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/domainlogons.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="domain logons"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>If set to <constant>yes</constant>, the Samba server will serve
+ Windows 95/98 Domain logons for the <link linkend="WORKGROUP">
+ <parameter moreinfo="none">workgroup</parameter></link> it is in. Samba 2.2
+ has limited capability to act as a domain controller for Windows
+ NT 4 Domains. For more details on setting up this feature see
+ the Samba-PDC-HOWTO included in the Samba documentation.</para>
+
+ <para>Default: <command moreinfo="none">domain logons = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logondrive.xml b/docs/docbook/smbdotconf/logon/logondrive.xml
new file mode 100644
index 0000000000..8c6be709bf
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logondrive.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="logon drive"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the local path to
+ which the home directory will be connected (see <link linkend="LOGONHOME">
+ <parameter moreinfo="none">logon home</parameter></link>)
+ and is only used by NT Workstations. </para>
+
+ <para>Note that this option is only useful if Samba is set up as a
+ logon server.</para>
+
+ <para>Default: <command moreinfo="none">logon drive = z:</command></para>
+
+ <para>Example: <command moreinfo="none">logon drive = h:</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logonhome.xml b/docs/docbook/smbdotconf/logon/logonhome.xml
new file mode 100644
index 0000000000..05c69524c2
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logonhome.xml
@@ -0,0 +1,45 @@
+<samba:parameter name="logon home"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the home directory
+ location when a Win95/98 or NT Workstation logs into a Samba PDC.
+ It allows you to do </para>
+
+ <para><prompt moreinfo="none">C:\&gt;</prompt>
+ <userinput moreinfo="none">NET USE H: /HOME</userinput>
+ </para>
+
+ <para>from a command prompt, for example.</para>
+
+ <para>This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or machine.</para>
+
+ <para>This parameter can be used with Win9X workstations to ensure
+ that roaming profiles are stored in a subdirectory of the user's
+ home directory. This is done in the following way:</para>
+
+ <para><command moreinfo="none">logon home = \\%N\%U\profile</command></para>
+
+ <para>This tells Samba to return the above string, with
+ substitutions made when a client requests the info, generally
+ in a NetUserGetInfo request. Win9X clients truncate the info to
+ \\server\share when a user does <command moreinfo="none">net use /home</command>
+ but use the whole string when dealing with profiles.</para>
+
+ <para>Note that in prior versions of Samba, the <link linkend="LOGONPATH">
+ <parameter moreinfo="none">logon path</parameter></link> was returned rather than
+ <parameter moreinfo="none">logon home</parameter>. This broke <command
+ moreinfo="none">net use /home</command> but allowed profiles outside the home directory.
+ The current implementation is correct, and can be used for profiles if you use
+ the above trick.</para>
+
+ <para>This option is only useful if Samba is set up as a logon
+ server.</para>
+
+ <para>Default: <command moreinfo="none">logon home = &quot;\\%N\%U&quot;</command></para>
+
+ <para>Example: <command moreinfo="none">logon home = &quot;\\remote_smb_server\%U&quot;</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logonpath.xml b/docs/docbook/smbdotconf/logon/logonpath.xml
new file mode 100644
index 0000000000..9abcf0d702
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logonpath.xml
@@ -0,0 +1,49 @@
+<samba:parameter name="logon path"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the home directory
+ where roaming profiles (NTuser.dat etc files for Windows NT) are
+ stored. Contrary to previous versions of these manual pages, it has
+ nothing to do with Win 9X roaming profiles. To find out how to
+ handle roaming profiles for Win 9X system, see the <link linkend="LOGONHOME">
+ <parameter moreinfo="none">logon home</parameter></link> parameter.</para>
+
+ <para>This option takes the standard substitutions, allowing you
+ to have separate logon scripts for each user or machine. It also
+ specifies the directory from which the &quot;Application Data&quot;,
+ (<filename moreinfo="none">desktop</filename>, <filename moreinfo="none">start menu</filename>,
+ <filename moreinfo="none">network neighborhood</filename>, <filename moreinfo="none">programs</filename>
+ and other folders, and their contents, are loaded and displayed on
+ your Windows NT client.</para>
+
+ <para>The share and the path must be readable by the user for
+ the preferences and directories to be loaded onto the Windows NT
+ client. The share must be writeable when the user logs in for the first
+ time, in order that the Windows NT client can create the NTuser.dat
+ and other directories.</para>
+
+ <para>Thereafter, the directories and any of the contents can,
+ if required, be made read-only. It is not advisable that the
+ NTuser.dat file be made read-only - rename it to NTuser.man to
+ achieve the desired effect (a <emphasis>MAN</emphasis>datory
+ profile). </para>
+
+ <para>Windows clients can sometimes maintain a connection to
+ the [homes] share, even though there is no user logged in.
+ Therefore, it is vital that the logon path does not include a
+ reference to the homes share (i.e. setting this parameter to
+ \%N\%U\profile_path will cause problems).</para>
+
+ <para>This option takes the standard substitutions, allowing
+ you to have separate logon scripts for each user or machine.</para>
+
+ <para>Note that this option is only useful if Samba is set up
+ as a logon server.</para>
+
+ <para>Default: <command moreinfo="none">logon path = \\%N\%U\profile</command></para>
+
+ <para>Example: <command moreinfo="none">logon path = \\PROFILESERVER\PROFILE\%U</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/logonscript.xml b/docs/docbook/smbdotconf/logon/logonscript.xml
new file mode 100644
index 0000000000..65b6253c0c
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/logonscript.xml
@@ -0,0 +1,44 @@
+<samba:parameter name="logon script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the batch file (.bat) or
+ NT command file (.cmd) to be downloaded and run on a machine when
+ a user successfully logs in. The file must contain the DOS
+ style CR/LF line endings. Using a DOS-style editor to create the
+ file is recommended.</para>
+
+ <para>The script must be a relative path to the [netlogon]
+ service. If the [netlogon] service specifies a <link linkend="PATH">
+ <parameter moreinfo="none">path</parameter></link> of <filename
+ moreinfo="none">/usr/local/samba/netlogon</filename>, and <command
+ moreinfo="none">logon script = STARTUP.BAT</command>, then
+ the file that will be downloaded is:</para>
+
+ <para><filename moreinfo="none">/usr/local/samba/netlogon/STARTUP.BAT</filename></para>
+
+ <para>The contents of the batch file are entirely your choice. A
+ suggested command would be to add <command moreinfo="none">NET TIME \\SERVER /SET
+ /YES</command>, to force every machine to synchronize clocks with
+ the same time server. Another use would be to add <command moreinfo="none">NET USE
+ U: \\SERVER\UTILS</command> for commonly used utilities, or <command moreinfo="none">
+ NET USE Q: \\SERVER\ISO9001_QA</command> for example.</para>
+
+ <para>Note that it is particularly important not to allow write
+ access to the [netlogon] share, or to grant users write permission
+ on the batch files in a secure environment, as this would allow
+ the batch files to be arbitrarily modified and security to be
+ breached.</para>
+
+ <para>This option takes the standard substitutions, allowing you
+ to have separate logon scripts for each user or machine.</para>
+
+ <para>This option is only useful if Samba is set up as a logon
+ server.</para>
+
+ <para>Default: <emphasis>no logon script defined</emphasis></para>
+
+ <para>Example: <command moreinfo="none">logon script = scripts\%U.bat</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml
new file mode 100644
index 0000000000..c19c307417
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/setprimarygroupscript.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="set primary group script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+
+ <para>Thanks to the Posix subsystem in NT a Windows User has a
+ primary group in addition to the auxiliary groups. This script
+ sets the primary group in the unix userdatase when an
+ administrator sets the primary group from the windows user
+ manager or when fetching a SAM with <command>net rpc
+ vampire</command>. <parameter>%u</parameter> will be replaced
+ with the user whose primary group is to be set.
+ <parameter>%g</parameter> will be replaced with the group to
+ set.</para>
+
+ <para>Default: <emphasis>No default value</emphasis></para>
+
+ <para>Example: <command>set primary group script = /usr/sbin/usermod -g '%g' '%u'</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/logon/shutdownscript.xml b/docs/docbook/smbdotconf/logon/shutdownscript.xml
new file mode 100644
index 0000000000..0eaffea747
--- /dev/null
+++ b/docs/docbook/smbdotconf/logon/shutdownscript.xml
@@ -0,0 +1,59 @@
+<samba:parameter name="shutdown script"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para><emphasis>This parameter only exists in the HEAD cvs branch</emphasis>
+ This a full path name to a script called by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> that should start a shutdown procedure.</para>
+
+ <para>This command will be run as the user connected to the server.</para>
+
+ <para>%m %t %r %f parameters are expanded:</para>
+
+ <itemizedlist>
+ <listitem>
+ <para><parameter moreinfo="none">%m</parameter> will be substituted with the
+ shutdown message sent to the server.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">%t</parameter> will be substituted with the
+ number of seconds to wait before effectively starting the
+ shutdown procedure.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">%r</parameter> will be substituted with the
+ switch <emphasis>-r</emphasis>. It means reboot after shutdown
+ for NT.</para>
+ </listitem>
+
+ <listitem>
+ <para><parameter moreinfo="none">%f</parameter> will be substituted with the
+ switch <emphasis>-f</emphasis>. It means force the shutdown
+ even if applications do not respond for NT.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Default: <emphasis>None</emphasis>.</para>
+
+ <para>Example: <command moreinfo="none">abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f</command></para>
+
+ <para>Shutdown script example:
+<programlisting format="linespecific">
+#!/bin/bash
+
+$time=0
+let &quot;time/60&quot;
+let &quot;time++&quot;
+
+/sbin/shutdown $3 $4 +$time $1 &amp;
+</programlisting>
+Shutdown does not return so we need to launch it in background.
+</para>
+
+ <para>See also <link linkend="ABORTSHUTDOWNSCRIPT">
+ <parameter moreinfo="none">abort shutdown script</parameter></link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/addprintercommand.xml b/docs/docbook/smbdotconf/printing/addprintercommand.xml
new file mode 100644
index 0000000000..63b3f567b1
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/addprintercommand.xml
@@ -0,0 +1,63 @@
+<samba:parameter name="addprinter command"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>With the introduction of MS-RPC based printing
+ support for Windows NT/2000 clients in Samba 2.2, The MS Add
+ Printer Wizard (APW) icon is now also available in the
+ &quot;Printers...&quot; folder displayed a share listing. The APW
+ allows for printers to be add remotely to a Samba or Windows
+ NT/2000 print server.</para>
+
+ <para>For a Samba host this means that the printer must be
+ physically added to the underlying printing system. The <parameter moreinfo="none">add
+ printer command</parameter> defines a script to be run which
+ will perform the necessary operations for adding the printer
+ to the print system and to add the appropriate service definition
+ to the <filename moreinfo="none">smb.conf</filename> file in order that it can be
+ shared by <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>The <parameter moreinfo="none">addprinter command</parameter> is
+ automatically invoked with the following parameter (in
+ order):</para>
+
+ <itemizedlist>
+ <listitem><para><parameter moreinfo="none">printer name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">share name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">port name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">driver name</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">location</parameter></para></listitem>
+ <listitem><para><parameter moreinfo="none">Windows 9x driver location</parameter></para></listitem>
+ </itemizedlist>
+
+ <para>All parameters are filled in from the PRINTER_INFO_2 structure sent
+ by the Windows NT/2000 client with one exception. The &quot;Windows 9x
+ driver location&quot; parameter is included for backwards compatibility
+ only. The remaining fields in the structure are generated from answers
+ to the APW questions.</para>
+
+ <para>Once the <parameter moreinfo="none">addprinter command</parameter> has
+ been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none">
+ smb.conf</filename> to determine if the share defined by the APW
+ exists. If the sharename is still invalid, then <command moreinfo="none">smbd
+ </command> will return an ACCESS_DENIED error to the client.</para>
+
+ <para>
+ The &quot;add printer command&quot; program can output a single line of text,
+ which Samba will set as the port the new printer is connected to.
+ If this line isn't output, Samba won't reload its printer shares.
+ </para>
+
+ <para>See also <link linkend="DELETEPRINTERCOMMAND"><parameter moreinfo="none">
+ deleteprinter command</parameter></link>, <link linkend="PRINTING">
+ <parameter moreinfo="none">printing</parameter></link>,
+ <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add
+ printer wizard</parameter></link></para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+
+ <para>Example: <command moreinfo="none">addprinter command = /usr/bin/addprinter</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/defaultdevmode.xml b/docs/docbook/smbdotconf/printing/defaultdevmode.xml
new file mode 100644
index 0000000000..1f14b21f5f
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/defaultdevmode.xml
@@ -0,0 +1,37 @@
+<samba:parameter name="default devmode"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter is only applicable to <link linkend="PRINTOK">printable</link> services.
+ When smbd is serving Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba
+ server has a Device Mode which defines things such as paper size and
+ orientation and duplex settings. The device mode can only correctly be
+ generated by the printer driver itself (which can only be executed on a
+ Win32 platform). Because smbd is unable to execute the driver code
+ to generate the device mode, the default behavior is to set this field
+ to NULL.
+ </para>
+
+ <para>Most problems with serving printer drivers to Windows NT/2k/XP clients
+ can be traced to a problem with the generated device mode. Certain drivers
+ will do things such as crashing the client's Explorer.exe with a NULL devmode.
+ However, other printer drivers can cause the client's spooler service
+ (spoolsv.exe) to die if the devmode was not created by the driver itself
+ (i.e. smbd generates a default devmode).
+ </para>
+
+ <para>This parameter should be used with care and tested with the printer
+ driver in question. It is better to leave the device mode to NULL
+ and let the Windows client set the correct values. Because drivers do not
+ do this all the time, setting <command moreinfo="none">default devmode = yes</command>
+ will instruct smbd to generate a default one.
+ </para>
+
+ <para>For more information on Windows NT/2k printing and Device Modes,
+ see the <ulink url="http://msdn.microsoft.com/">MSDN documentation</ulink>.
+ </para>
+
+ <para>Default: <command moreinfo="none">default devmode = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/deleteprintercommand.xml b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml
new file mode 100644
index 0000000000..864f75168d
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/deleteprintercommand.xml
@@ -0,0 +1,38 @@
+<samba:parameter name="deleteprinter command"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>With the introduction of MS-RPC based printer
+ support for Windows NT/2000 clients in Samba 2.2, it is now
+ possible to delete printer at run time by issuing the
+ DeletePrinter() RPC call.</para>
+
+ <para>For a Samba host this means that the printer must be
+ physically deleted from underlying printing system. The <parameter moreinfo="none">
+ deleteprinter command</parameter> defines a script to be run which
+ will perform the necessary operations for removing the printer
+ from the print system and from <filename moreinfo="none">smb.conf</filename>.
+ </para>
+
+ <para>The <parameter moreinfo="none">deleteprinter command</parameter> is
+ automatically called with only one parameter: <parameter moreinfo="none">
+ &quot;printer name&quot;</parameter>.</para>
+
+ <para>Once the <parameter moreinfo="none">deleteprinter command</parameter> has
+ been executed, <command moreinfo="none">smbd</command> will reparse the <filename moreinfo="none">
+ smb.conf</filename> to associated printer no longer exists.
+ If the sharename is still valid, then <command moreinfo="none">smbd
+ </command> will return an ACCESS_DENIED error to the client.</para>
+
+ <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">
+ addprinter command</parameter></link>, <link linkend="PRINTING">
+ <parameter moreinfo="none">printing</parameter></link>,
+ <link linkend="SHOWADDPRINTERWIZARD"><parameter moreinfo="none">show add
+ printer wizard</parameter></link></para>
+
+ <para>Default: <emphasis>none</emphasis></para>
+
+ <para>Example: <command moreinfo="none">deleteprinter command = /usr/bin/removeprinter</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/enumportscommand.xml b/docs/docbook/smbdotconf/printing/enumportscommand.xml
new file mode 100644
index 0000000000..7cdf0cc370
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/enumportscommand.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="enumports command"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The concept of a &quot;port&quot; is fairly foreign
+ to UNIX hosts. Under Windows NT/2000 print servers, a port
+ is associated with a port monitor and generally takes the form of
+ a local port (i.e. LPT1:, COM1:, FILE:) or a remote port
+ (i.e. LPD Port Monitor, etc...). By default, Samba has only one
+ port defined--<constant>&quot;Samba Printer Port&quot;</constant>. Under
+ Windows NT/2000, all printers must have a valid port name.
+ If you wish to have a list of ports displayed (<command moreinfo="none">smbd
+ </command> does not use a port name for anything) other than
+ the default <constant>&quot;Samba Printer Port&quot;</constant>, you
+ can define <parameter moreinfo="none">enumports command</parameter> to point to
+ a program which should generate a list of ports, one per line,
+ to standard output. This listing will then be used in response
+ to the level 1 and 2 EnumPorts() RPC.</para>
+
+ <para>Default: <emphasis>no enumports command</emphasis></para>
+
+ <para>Example: <command moreinfo="none">enumports command = /usr/bin/listports</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/lppausecommand.xml b/docs/docbook/smbdotconf/printing/lppausecommand.xml
new file mode 100644
index 0000000000..15c5aca990
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/lppausecommand.xml
@@ -0,0 +1,43 @@
+<samba:parameter name="lppause command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to stop printing or spooling
+ a specific print job.</para>
+
+ <para>This command should be a program or script which takes
+ a printer name and job number to pause the print job. One way
+ of implementing this is by using job priorities, where jobs
+ having a too low priority won't be sent to the printer.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with
+ the job number (an integer). On HPUX (see <parameter moreinfo="none">printing=hpux
+ </parameter>), if the <parameter moreinfo="none">-p%p</parameter> option is added
+ to the lpq command, the job will show up with the correct status, i.e.
+ if the job priority is lower than the set fence priority it will
+ have the PAUSED status, whereas if the priority is equal or higher it
+ will have the SPOOLED or PRINTING status.</para>
+
+ <para>Note that it is good practice to include the absolute path
+ in the lppause command as the PATH may not be available to the server.</para>
+
+ <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing
+ </parameter></link> parameter.</para>
+
+ <para>Default: Currently no default value is given to
+ this string, unless the value of the <parameter moreinfo="none">printing</parameter>
+ parameter is <constant>SYSV</constant>, in which case the default is :</para>
+
+ <para><command moreinfo="none">lp -i %p-%j -H hold</command></para>
+
+ <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter
+ is <constant>SOFTQ</constant>, then the default is:</para>
+
+ <para><command moreinfo="none">qstat -s -j%j -h</command></para>
+
+ <para>Example for HPUX: <command moreinfo="none">lppause command = /usr/bin/lpalt %p-%j -p0</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/lpresumecommand.xml b/docs/docbook/smbdotconf/printing/lpresumecommand.xml
new file mode 100644
index 0000000000..ae3241bfa9
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/lpresumecommand.xml
@@ -0,0 +1,39 @@
+<samba:parameter name="lpresume command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to restart or continue
+ printing or spooling a specific print job.</para>
+
+ <para>This command should be a program or script which takes
+ a printer name and job number to resume the print job. See
+ also the <link linkend="LPPAUSECOMMAND"><parameter moreinfo="none">lppause command
+ </parameter></link> parameter.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. A <parameter moreinfo="none">%j</parameter> is replaced with
+ the job number (an integer).</para>
+
+ <para>Note that it is good practice to include the absolute path
+ in the <parameter moreinfo="none">lpresume command</parameter> as the PATH may not
+ be available to the server.</para>
+
+ <para>See also the <link linkend="PRINTING"><parameter moreinfo="none">printing
+ </parameter></link> parameter.</para>
+
+ <para>Default: Currently no default value is given
+ to this string, unless the value of the <parameter moreinfo="none">printing</parameter>
+ parameter is <constant>SYSV</constant>, in which case the default is :</para>
+
+ <para><command moreinfo="none">lp -i %p-%j -H resume</command></para>
+
+ <para>or if the value of the <parameter moreinfo="none">printing</parameter> parameter
+ is <constant>SOFTQ</constant>, then the default is:</para>
+
+ <para><command moreinfo="none">qstat -s -j%j -r</command></para>
+
+ <para>Example for HPUX: <command moreinfo="none">lpresume command = /usr/bin/lpalt %p-%j -p2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/os2drivermap.xml b/docs/docbook/smbdotconf/printing/os2drivermap.xml
new file mode 100644
index 0000000000..478031c7b9
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/os2drivermap.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="os2 driver map"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The parameter is used to define the absolute
+ path to a file containing a mapping of Windows NT printer driver
+ names to OS/2 printer driver names. The format is:</para>
+
+ <para>&lt;nt driver name&gt; = &lt;os2 driver name&gt;.&lt;device name&gt;</para>
+
+ <para>For example, a valid entry using the HP LaserJet 5
+ printer driver would appear as <command moreinfo="none">HP LaserJet 5L = LASERJET.HP
+ LaserJet 5L</command>.</para>
+
+ <para>The need for the file is due to the printer driver namespace
+ problem described in the <ulink url="printing.html">Samba
+ Printing HOWTO</ulink>. For more details on OS/2 clients, please
+ refer to the OS2-Client-HOWTO containing in the Samba documentation.</para>
+
+ <para>Default: <command moreinfo="none">os2 driver map = &lt;empty string&gt;</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/printer.xml b/docs/docbook/smbdotconf/printing/printer.xml
new file mode 100644
index 0000000000..0a9611ee03
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/printer.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="printer"
+ context="S"
+ hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Synonym for <link linkend="PRINTERNAME"><parameter moreinfo="none">
+ printer name</parameter></link>.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/printername.xml b/docs/docbook/smbdotconf/printing/printername.xml
new file mode 100644
index 0000000000..9f76a673ad
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/printername.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="printer name"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the name of the printer
+ to which print jobs spooled through a printable service will be sent.</para>
+
+ <para>If specified in the [global] section, the printer
+ name given will be used for any printable service that does
+ not have its own printer name specified.</para>
+
+ <para>Default: <emphasis>none (but may be <constant>lp</constant>
+ on many systems)</emphasis></para>
+
+ <para>Example: <command moreinfo="none">printer name = laserwriter</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/printing.xml b/docs/docbook/smbdotconf/printing/printing.xml
new file mode 100644
index 0000000000..633666eea7
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/printing.xml
@@ -0,0 +1,31 @@
+<samba:parameter name="printing"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameters controls how printer status information is
+ interpreted on your system. It also affects the default values for
+ the <parameter moreinfo="none">print command</parameter>, <parameter
+ moreinfo="none">lpq command</parameter>, <parameter
+ moreinfo="none">lppause command </parameter>, <parameter
+ moreinfo="none">lpresume command</parameter>, and <parameter
+ moreinfo="none">lprm command</parameter> if specified in the
+ [global] section.</para>
+
+ <para>Currently nine printing styles are supported. They are
+ <constant>BSD</constant>, <constant>AIX</constant>,
+ <constant>LPRNG</constant>, <constant>PLP</constant>,
+ <constant>SYSV</constant>, <constant>HPUX</constant>,
+ <constant>QNX</constant>, <constant>SOFTQ</constant>,
+ and <constant>CUPS</constant>.</para>
+
+ <para>To see what the defaults are for the other print
+ commands when using the various options use the <citerefentry><refentrytitle>testparm</refentrytitle>
+ <manvolnum>1</manvolnum></citerefentry> program.</para>
+
+ <para>This option can be set on a per printer basis</para>
+
+ <para>See also the discussion in the <link linkend="PRINTERSSECT">
+ [printers]</link> section.</para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/queuepausecommand.xml b/docs/docbook/smbdotconf/printing/queuepausecommand.xml
new file mode 100644
index 0000000000..13741a0e7f
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/queuepausecommand.xml
@@ -0,0 +1,29 @@
+<samba:parameter name="queuepause command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to pause the printer queue.</para>
+
+ <para>This command should be a program or script which takes
+ a printer name as its only parameter and stops the printer queue,
+ such that no longer jobs are submitted to the printer.</para>
+
+ <para>This command is not supported by Windows for Workgroups,
+ but can be issued from the Printers window under Windows 95
+ and NT.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. Otherwise it is placed at the end of the command.
+ </para>
+
+ <para>Note that it is good practice to include the absolute
+ path in the command as the PATH may not be available to the
+ server.</para>
+
+ <para>Default: <emphasis>depends on the setting of <parameter moreinfo="none">printing</parameter></emphasis></para>
+
+ <para>Example: <command moreinfo="none">queuepause command = disable %p</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/queueresumecommand.xml b/docs/docbook/smbdotconf/printing/queueresumecommand.xml
new file mode 100644
index 0000000000..23f6702192
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/queueresumecommand.xml
@@ -0,0 +1,33 @@
+<samba:parameter name="queueresume command"
+ context="S"
+ print="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the command to be
+ executed on the server host in order to resume the printer queue. It
+ is the command to undo the behavior that is caused by the
+ previous parameter (<link linkend="QUEUEPAUSECOMMAND"><parameter moreinfo="none">
+ queuepause command</parameter></link>).</para>
+
+ <para>This command should be a program or script which takes
+ a printer name as its only parameter and resumes the printer queue,
+ such that queued jobs are resubmitted to the printer.</para>
+
+ <para>This command is not supported by Windows for Workgroups,
+ but can be issued from the Printers window under Windows 95
+ and NT.</para>
+
+ <para>If a <parameter moreinfo="none">%p</parameter> is given then the printer name
+ is put in its place. Otherwise it is placed at the end of the
+ command.</para>
+
+ <para>Note that it is good practice to include the absolute
+ path in the command as the PATH may not be available to the
+ server.</para>
+
+ <para>Default: <emphasis>depends on the setting of <link linkend="PRINTING">
+ <parameter moreinfo="none">printing</parameter></link></emphasis></para>
+
+ <para>Example: <command moreinfo="none">queuepause command = enable %p</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml
new file mode 100644
index 0000000000..5a0d5c8877
--- /dev/null
+++ b/docs/docbook/smbdotconf/printing/showaddprinterwizard.xml
@@ -0,0 +1,35 @@
+<samba:parameter name="show add printer wizard"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>With the introduction of MS-RPC based printing support
+ for Windows NT/2000 client in Samba 2.2, a &quot;Printers...&quot; folder will
+ appear on Samba hosts in the share listing. Normally this folder will
+ contain an icon for the MS Add Printer Wizard (APW). However, it is
+ possible to disable this feature regardless of the level of privilege
+ of the connected user.</para>
+
+ <para>Under normal circumstances, the Windows NT/2000 client will
+ open a handle on the printer server with OpenPrinterEx() asking for
+ Administrator privileges. If the user does not have administrative
+ access on the print server (i.e is not root or a member of the
+ <parameter moreinfo="none">printer admin</parameter> group), the OpenPrinterEx()
+ call fails and the client makes another open call with a request for
+ a lower privilege level. This should succeed, however the APW
+ icon will not be displayed.</para>
+
+ <para>Disabling the <parameter moreinfo="none">show add printer wizard</parameter>
+ parameter will always cause the OpenPrinterEx() on the server
+ to fail. Thus the APW icon will never be displayed. <emphasis>
+ Note :</emphasis>This does not prevent the same user from having
+ administrative privilege on an individual printer.</para>
+
+ <para>See also <link linkend="ADDPRINTERCOMMAND"><parameter moreinfo="none">addprinter
+ command</parameter></link>, <link linkend="DELETEPRINTERCOMMAND">
+ <parameter moreinfo="none">deleteprinter command</parameter></link>, <link linkend="PRINTERADMIN">
+ <parameter moreinfo="none">printer admin</parameter></link></para>
+
+ <para>Default :<command moreinfo="none">show add printer wizard = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/security/encryptpasswords.xml b/docs/docbook/smbdotconf/security/encryptpasswords.xml
new file mode 100644
index 0000000000..20b9353648
--- /dev/null
+++ b/docs/docbook/smbdotconf/security/encryptpasswords.xml
@@ -0,0 +1,24 @@
+<samba:parameter name="encrypt passwords"
+ context="G"
+ basic="1" advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean controls whether encrypted passwords
+ will be negotiated with the client. Note that Windows NT 4.0 SP3 and
+ above and also Windows 98 will by default expect encrypted passwords
+ unless a registry entry is changed. To use encrypted passwords in
+ Samba see the chapter "User Database" in the Samba HOWTO Collection. </para>
+
+ <para>In order for encrypted passwords to work correctly
+ <citerefentry><refentrytitle>smbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> must either
+ have access to a local <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>5</manvolnum></citerefentry> file (see the <citerefentry><refentrytitle>smbpasswd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> program for information on how to set up
+ and maintain this file), or set the <link linkend="SECURITY">security = [server|domain|ads]</link> parameter which
+ causes <command moreinfo="none">smbd</command> to authenticate against another
+ server.</para>
+
+ <para>Default: <command moreinfo="none">encrypt passwords = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/hostmsdfs.xml b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml
new file mode 100644
index 0000000000..c843969e50
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/hostmsdfs.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="host msdfs"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter is only available
+ if Samba has been configured and compiled with the <command moreinfo="none">
+ --with-msdfs</command> option. If set to <constant>yes</constant>,
+ Samba will act as a Dfs server, and allow Dfs-aware clients
+ to browse Dfs trees hosted on the server.</para>
+
+ <para>See also the <link linkend="MSDFSROOT"><parameter moreinfo="none">
+ msdfs root</parameter></link> share level parameter. For
+ more information on setting up a Dfs tree on Samba,
+ refer to <ulink url="msdfs_setup.html">msdfs_setup.html</ulink>.
+ </para>
+
+ <para>Default: <command moreinfo="none">host msdfs = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/msdfsproxy.xml b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml
new file mode 100644
index 0000000000..c16968fda7
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/msdfsproxy.xml
@@ -0,0 +1,18 @@
+<samba:parameter name="msdfs proxy"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter indicates that the share is a
+ stand-in for another CIFS share whose location is specified by
+ the value of the parameter. When clients attempt to connect to
+ this share, they are redirected to the proxied share using
+ the SMB-Dfs protocol.</para>
+
+ <para>Only Dfs roots can act as proxy shares. Take a look at the
+ <link linkend="MSDFSROOT"><parameter moreinfo="none">msdfs root</parameter></link>
+ and <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link>
+ options to find out how to set up a Dfs root share.</para>
+
+ <para>Example: <command moreinfo="none">msdfs proxy = \\\\otherserver\\someshare</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/msdfsroot.xml b/docs/docbook/smbdotconf/vfs/msdfsroot.xml
new file mode 100644
index 0000000000..35142ff037
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/msdfsroot.xml
@@ -0,0 +1,20 @@
+<samba:parameter name="msdfs root"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean parameter is only available if
+ Samba is configured and compiled with the <command moreinfo="none">
+ --with-msdfs</command> option. If set to <constant>yes</constant>,
+ Samba treats the share as a Dfs root and allows clients to browse
+ the distributed file system tree rooted at the share directory.
+ Dfs links are specified in the share directory by symbolic
+ links of the form <filename moreinfo="none">msdfs:serverA\\shareA,serverB\\shareB</filename>
+ and so on. For more information on setting up a Dfs tree
+ on Samba, refer to <ulink url="msdfs.html">&quot;Hosting a Microsoft
+ Distributed File System tree on Samba&quot;</ulink> document.</para>
+
+ <para>See also <link linkend="HOSTMSDFS"><parameter moreinfo="none">host msdfs</parameter></link></para>
+
+ <para>Default: <command moreinfo="none">msdfs root = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfsobject.xml b/docs/docbook/smbdotconf/vfs/vfsobject.xml
new file mode 100644
index 0000000000..c68e8d0135
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfsobject.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="vfs object"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies a shared object files that
+ are used for Samba VFS I/O operations. By default, normal
+ disk I/O operations are used but these can be overloaded
+ with one or more VFS objects. </para>
+
+ <para>Default: <emphasis>no value</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfsoptions.xml b/docs/docbook/smbdotconf/vfs/vfsoptions.xml
new file mode 100644
index 0000000000..d07ec461e2
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfsoptions.xml
@@ -0,0 +1,12 @@
+<samba:parameter name="vfs options"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter allows parameters to be passed
+ to the vfs layer at initialization time.
+ See also <link linkend="VFSOBJECT"><parameter moreinfo="none">
+ vfs object</parameter></link>.</para>
+
+ <para>Default: <emphasis>no value</emphasis></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/vfs/vfspath.xml b/docs/docbook/smbdotconf/vfs/vfspath.xml
new file mode 100644
index 0000000000..c6718a0076
--- /dev/null
+++ b/docs/docbook/smbdotconf/vfs/vfspath.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="vfs path"
+ context="S"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the directory
+ to look in for vfs modules. The name of every <command moreinfo="none">vfs object
+ </command> will be prepended by this directory.</para>
+
+ <para>Default: <command moreinfo="none">vfs path = </command></para>
+
+ <para>Example: <command moreinfo="none">vfs path = /usr/lib/samba/vfs</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/templatehomedir.xml b/docs/docbook/smbdotconf/winbind/templatehomedir.xml
new file mode 100644
index 0000000000..6c19617bab
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/templatehomedir.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="template homedir"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>When filling out the user information for a Windows NT
+ user, the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon uses this
+ parameter to fill in the home directory for that user. If the
+ string <parameter moreinfo="none">%D</parameter> is present it
+ is substituted with the user's Windows NT domain name. If the
+ string <parameter moreinfo="none">%U</parameter> is present it
+ is substituted with the user's Windows NT user name.</para>
+
+ <para>Default: <command moreinfo="none">template homedir = /home/%D/%U</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/templateshell.xml b/docs/docbook/smbdotconf/winbind/templateshell.xml
new file mode 100644
index 0000000000..1104387331
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/templateshell.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="template shell"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>When filling out the user information for a Windows NT
+ user, the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon uses this
+ parameter to fill in the login shell for that user.</para>
+
+ <para>Default: <command moreinfo="none">template shell = /bin/false</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindcachetime.xml b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml
new file mode 100644
index 0000000000..3080adc7c8
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindcachetime.xml
@@ -0,0 +1,14 @@
+<samba:parameter name="winbind cache time"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies the number of
+ seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon will cache
+ user and group information before querying a Windows NT server
+ again.</para>
+
+ <para>Default: <command moreinfo="none">winbind cache type = 15</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml
new file mode 100644
index 0000000000..1cffca7492
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindenumgroups.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="winbind enum groups"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> it may be necessary to suppress
+ the enumeration of groups through the <command moreinfo="none">setgrent()</command>,
+ <command moreinfo="none">getgrent()</command> and
+ <command moreinfo="none">endgrent()</command> group of system calls. If
+ the <parameter moreinfo="none">winbind enum groups</parameter> parameter is
+ <constant>no</constant>, calls to the <command moreinfo="none">getgrent()</command> system
+ call will not return any data. </para>
+
+ <para><emphasis>Warning:</emphasis> Turning off group
+ enumeration may cause some programs to behave oddly.
+ </para>
+
+ <para>Default: <command moreinfo="none">winbind enum groups = yes </command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindenumusers.xml b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml
new file mode 100644
index 0000000000..95f1e7ff4c
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindenumusers.xml
@@ -0,0 +1,23 @@
+<samba:parameter name="winbind enum users"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>On large installations using <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> it may be
+ necessary to suppress the enumeration of users through the <command moreinfo="none">setpwent()</command>,
+ <command moreinfo="none">getpwent()</command> and
+ <command moreinfo="none">endpwent()</command> group of system calls. If
+ the <parameter moreinfo="none">winbind enum users</parameter> parameter is
+ <constant>no</constant>, calls to the <command moreinfo="none">getpwent</command> system call
+ will not return any data. </para>
+
+ <para><emphasis>Warning:</emphasis> Turning off user
+ enumeration may cause some programs to behave oddly. For
+ example, the finger program relies on having access to the
+ full user list when searching for matching
+ usernames. </para>
+
+ <para>Default: <command moreinfo="none">winbind enum users = yes </command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindgid.xml b/docs/docbook/smbdotconf/winbind/winbindgid.xml
new file mode 100644
index 0000000000..a8414e9e8c
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindgid.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind gid"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The winbind gid parameter specifies the range of group
+ ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon. This range of group ids should have no
+ existing local or NIS groups within it as strange conflicts can
+ occur otherwise.</para>
+
+ <para>Default: <command moreinfo="none">winbind gid = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">winbind gid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindseparator.xml b/docs/docbook/smbdotconf/winbind/winbindseparator.xml
new file mode 100644
index 0000000000..cefc69d5bd
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindseparator.xml
@@ -0,0 +1,21 @@
+<samba:parameter name="winbind separator"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter allows an admin to define the character
+ used when listing a username of the form of <replaceable>DOMAIN
+ </replaceable>\<replaceable>user</replaceable>. This parameter
+ is only applicable when using the <filename moreinfo="none">pam_winbind.so</filename>
+ and <filename moreinfo="none">nss_winbind.so</filename> modules for UNIX services.
+ </para>
+
+ <para>Please note that setting this parameter to + causes problems
+ with group membership at least on glibc systems, as the character +
+ is used as a special character for NIS in /etc/group.</para>
+
+ <para>Default: <command moreinfo="none">winbind separator = '\'</command></para>
+
+ <para>Example: <command moreinfo="none">winbind separator = +</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbinduid.xml b/docs/docbook/smbdotconf/winbind/winbinduid.xml
new file mode 100644
index 0000000000..6fee40fcb8
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbinduid.xml
@@ -0,0 +1,16 @@
+<samba:parameter name="winbind uid"
+ context="G"
+ advanced="1" developer="1" hide="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>The winbind gid parameter specifies the range of group
+ ids that are allocated by the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon. This range of ids should have no
+ existing local or NIS users within it as strange conflicts can
+ occur otherwise.</para>
+
+ <para>Default: <command moreinfo="none">winbind uid = &lt;empty string&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">winbind uid = 10000-20000</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml
new file mode 100644
index 0000000000..5c31a7f9b0
--- /dev/null
+++ b/docs/docbook/smbdotconf/winbind/winbindusedefaultdomain.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="winbind used default domain"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This parameter specifies whether the
+ <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon should operate on users
+ without domain component in their username. Users without a domain
+ component are treated as is part of the winbindd server's own
+ domain. While this does not benifit Windows users, it makes SSH, FTP and
+ e-mail function in a way much closer to the way they
+ would in a native unix system.</para>
+
+ <para>Default: <command moreinfo="none">winbind use default domain = &lt;no&gt;</command></para>
+
+ <para>Example: <command moreinfo="none">winbind use default domain = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/dnsproxy.xml b/docs/docbook/smbdotconf/wins/dnsproxy.xml
new file mode 100644
index 0000000000..45ec160c5a
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/dnsproxy.xml
@@ -0,0 +1,25 @@
+<samba:parameter name="dns proxy"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>Specifies that <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> when acting as a WINS server and
+ finding that a NetBIOS name has not been registered, should treat the
+ NetBIOS name word-for-word as a DNS name and do a lookup with the DNS server
+ for that name on behalf of the name-querying client.</para>
+
+ <para>Note that the maximum length for a NetBIOS name is 15
+ characters, so the DNS name (or DNS alias) can likewise only be
+ 15 characters, maximum.</para>
+
+ <para><command moreinfo="none">nmbd</command> spawns a second copy of itself to do the
+ DNS name lookup requests, as doing a name lookup is a blocking
+ action.</para>
+
+ <para>See also the parameter <link linkend="WINSSUPPORT"><parameter moreinfo="none">
+ wins support</parameter></link>.</para>
+
+ <para>Default: <command moreinfo="none">dns proxy = yes</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winshook.xml b/docs/docbook/smbdotconf/wins/winshook.xml
new file mode 100644
index 0000000000..e38e93f6b5
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winshook.xml
@@ -0,0 +1,57 @@
+<samba:parameter name="wins hook"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>When Samba is running as a WINS server this
+ allows you to call an external program for all changes to the
+ WINS database. The primary use for this option is to allow the
+ dynamic update of external name resolution databases such as
+ dynamic DNS.</para>
+
+ <para>The wins hook parameter specifies the name of a script
+ or executable that will be called as follows:</para>
+
+ <para><command moreinfo="none">wins_hook operation name nametype ttl IP_list</command></para>
+
+ <itemizedlist>
+ <listitem>
+ <para>The first argument is the operation and is
+ one of &quot;add&quot;, &quot;delete&quot;, or
+ &quot;refresh&quot;. In most cases the operation
+ can be ignored as the rest of the parameters
+ provide sufficient information. Note that
+ &quot;refresh&quot; may sometimes be called when
+ the name has not previously been added, in that
+ case it should be treated as an add.</para>
+ </listitem>
+
+ <listitem>
+ <para>The second argument is the NetBIOS name. If the
+ name is not a legal name then the wins hook is not called.
+ Legal names contain only letters, digits, hyphens, underscores
+ and periods.</para>
+ </listitem>
+
+ <listitem>
+ <para>The third argument is the NetBIOS name
+ type as a 2 digit hexadecimal number. </para>
+ </listitem>
+
+ <listitem>
+ <para>The fourth argument is the TTL (time to live)
+ for the name in seconds.</para>
+ </listitem>
+
+ <listitem>
+ <para>The fifth and subsequent arguments are the IP
+ addresses currently registered for that name. If this list is
+ empty then the name should be deleted.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>An example script that calls the BIND dynamic DNS update
+ program <command moreinfo="none">nsupdate</command> is provided in the examples
+ directory of the Samba source code. </para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winspartners.xml b/docs/docbook/smbdotconf/wins/winspartners.xml
new file mode 100644
index 0000000000..9ec277ed2d
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winspartners.xml
@@ -0,0 +1,17 @@
+<samba:parameter name="wins partner"
+ context="G"
+ advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>A space separated list of partners' IP addresses for
+ WINS replication. WINS partners are always defined as push/pull
+ partners as defining only one way WINS replication is unreliable.
+ WINS replication is currently experimental and unreliable between
+ samba servers.
+ </para>
+
+ <para>Default: <command moreinfo="none">wins partners = </command></para>
+
+ <para>Example: <command moreinfo="none">wins partners = 192.168.0.1 172.16.1.2</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winsproxy.xml b/docs/docbook/smbdotconf/wins/winsproxy.xml
new file mode 100644
index 0000000000..11f47e31c7
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winsproxy.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="wins proxy"
+ context="G"
+ advanced="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This is a boolean that controls if <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> will respond to broadcast name
+ queries on behalf of other hosts. You may need to set this
+ to <constant>yes</constant> for some older clients.</para>
+
+ <para>Default: <command moreinfo="none">wins proxy = no</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winsserver.xml b/docs/docbook/smbdotconf/wins/winsserver.xml
new file mode 100644
index 0000000000..12ee635acd
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winsserver.xml
@@ -0,0 +1,37 @@
+<samba:parameter name="wins server"
+ context="G"
+ basic="1" advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This specifies the IP address (or DNS name: IP
+ address for preference) of the WINS server that <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> should register with. If you have a WINS server on
+ your network then you should set this to the WINS server's IP.</para>
+
+ <para>You should point this at your WINS server if you have a
+ multi-subnetted network.</para>
+
+ <para>If you want to work in multiple namespaces, you can
+ give every wins server a 'tag'. For each tag, only one
+ (working) server will be queried for a name. The tag should be
+ seperated from the ip address by a colon.
+ </para>
+
+ <note><para>You need to set up Samba to point
+ to a WINS server if you have multiple subnets and wish cross-subnet
+ browsing to work correctly.</para></note>
+
+ <para>See the documentation file <ulink url="improved-browsing.html">Browsing</ulink> in the samba howto collection.</para>
+
+ <para>Default: <emphasis>not enabled</emphasis></para>
+
+ <para>Example: <command>wins server = mary:192.9.200.1 fred:192.168.3.199 mary:192.168.2.61</command></para>
+
+ <para>For this example when querying a certain name, 192.19.200.1 will
+ be asked first and if that doesn't respond 192.168.2.61. If either
+ of those doesn't know the name 192.168.3.199 will be queried.
+ </para>
+
+ <para>Example: <command>wins server = 192.9.200.1 192.168.2.61</command></para>
+</listitem>
+</samba:parameter>
diff --git a/docs/docbook/smbdotconf/wins/winssupport.xml b/docs/docbook/smbdotconf/wins/winssupport.xml
new file mode 100644
index 0000000000..eef59e708f
--- /dev/null
+++ b/docs/docbook/smbdotconf/wins/winssupport.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="wins support"
+ context="G"
+ basic="1" advanced="1" wizard="1" developer="1"
+ xmlns:samba="http://samba.org/common">
+<listitem>
+ <para>This boolean controls if the <citerefentry><refentrytitle>nmbd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> process in Samba will act as a WINS server. You should
+ not set this to <constant>yes</constant> unless you have a multi-subnetted network and
+ you wish a particular <command moreinfo="none">nmbd</command> to be your WINS server.
+ Note that you should <emphasis>NEVER</emphasis> set this to <constant>yes</constant>
+ on more than one machine in your network.</para>
+
+ <para>Default: <command moreinfo="none">wins support = no</command></para>
+</listitem>
+</samba:parameter>